Red Hat would like to thank Mike O'Connor for bringing this issue to our attention.
Red Hat would like to thank the rsync team for their rapid response and quick fix for this issue.
Red Hat would like to thank Ulf Härnhammar for discovering and alerting us to this issue.
Red Hat would like to thank Paul Starzetz from ISEC for disclosing this issue as well as Andrea Arcangeli and Solar Designer for working on the patch.
Red Hat would like to thank Stefan Esser for finding and reporting these issues and Jacques A. Vidrine for providing initial patches.
Red Hat would like to thank Stefan Esser for finding and reporting this issue and Jacques A. Vidrine for providing the initial patch.
Red Hat would like to thank Stefan Esser for finding and reporting this issue and Jacques A. Vidrine for providing the initial patch.
Red Hat would like to thank Paul Starzetz from ISEC for reporting this issue.
Red Hat would like to thank Niels Heinen for reporting this issue.
Red Hat would like to thank the Samba team for reporting this issue and providing us with a patch.
Red Hat would like to thank David Dawes from XFree86 and iDefense for reporting and working on this issue.
Red Hat would like to thank David Dawes from XFree86 and iDefense for reporting and working on this issue.
Red Hat would like to thank Craig Southeren of the OpenH323 project for providing the fixes for these issues.
Red Hat would like to thank David Dawes from XFree86 for the patches and notification of these issues.
Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of this issue.
Red Hat would like to thank Ulf Härnhammar for disclosing and providing test cases and patches for these issues.
Red Hat would like to thank Ulf Härnhammar for disclosing and providing test cases and patches for these issues.
Red Hat would like to thank Stefan Esser for notifying us of this issue and Derek Price for providing an updated patch.
Red Hat would like to thank Derek Price for auditing, disclosing, and providing a patch for this issue.
Red Hat would like to thank iSEC Security Research for disclosing this issue and a number of vendor-sec participants for reviewing and working on the patch to this issue.
Red Hat would like to thank Stefan Esser and Sebastian Krahmer for auditing, disclosing, and providing a patch for this issue.
Red Hat would like to thank Stefan Esser and Sebastian Krahmer for auditing, disclosing, and providing a patch for this issue.
Red Hat would like to thank Stefan Esser and Sebastian Krahmer for auditing, disclosing, and providing a patch for this issue.
Red Hat would like to thank Chris Evans for discovering these issues.
Red Hat would like to thank Chris Evans for discovering this issue.
Red Hat would like to thank Chris Evans for discovering these issues.
Red Hat would like to thank Sebastian Krahmer for auditing, disclosing, and providing a patch for this issue.
Red Hat would like to thank iDefense for their responsible disclosure of this issue.
Red Hat would like to thank iDefense for their responsible disclosure of this issue.
Red Hat would like to thank the MIT Kerberos Development Team and Gaël Delalleau for their responsible disclosure of this issue.
Red Hat would like to thank the MIT Kerberos Development Team and Daniel Wachdorf for their responsible disclosure of this issue.
Red Hat would like to thank the MIT Kerberos Development Team and Daniel Wachdorf for their responsible disclosure of this issue.
Red Hat would like to thank the MIT Kerberos Development Team for their responsible disclosure of this issue.
Red Hat would like to thank Derek B. Noonburg for reporting this issue and providing a patch.
Red Hat would like to thank Derek B. Noonburg for reporting this issue and providing a patch.
Red Hat would like to thank Derek B. Noonburg for reporting this issue and providing a patch.
Red Hat would like to thank Chris Evans for reporting this issue.
Red Hat would like to thank Chris Evans for reporting this issue.
Red Hat would like to thank Chris Evans for reporting this issue.
Red Hat would like to thank Chris Evans for reporting this issue.
Red Hat would like to thank Dirk Mueller for reporting this issue.
Red Hat would like to thank iDefense for reporting this issue.
Red Hat would like to thank Solar Designer for reporting this issue.
Red Hat would like to thank Dirk Mueller for reporting this issue and providing a patch.
Red Hat would like to thank Tavis Ormandy of the Google Security Team for reporting this issue.
Red Hat would like to thank Kirill Korotaev for reporting this issue.
Red Hat would like to thank Barry Warsaw for disclosing this vulnerability.
Red Hat would like to thank Barry Warsaw for disclosing these vulnerabilities.
Red Hat would like to thank Stephane Eranian for reporting this issue.
Red Hat would like to thank Wei Wang of McAfee Avert Labs for reporting this issue.
Red Hat would like to thank Olof Johansson for reporting this issue.
Red Hat would like to thank Dmitriy Monakhov for reporting this issue.
Red Hat would like to thank Konstantin Khorenko for reporting this issue.
Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for this issue.
Red Hat would like to thank Konstantin Khorenko for reporting this issue.
Red Hat would like to thank Ludwig Nussel for reporting this issue.
Red Hat would like to thank Ludwig Nussel for reporting this issue.
Red Hat would like to thank Ludwig Nussel for reporting this issue.
Red Hat would like to thank Fridrich Štrba and iDefense for alerting us to this issue.
Red Hat would like to thank Daniel Roethlisberger for reporting this issue.
Red Hat would like to thank John Heasman for reporting this issue.
Red Hat would like to thank the SWsoft Virtuozzo/OpenVZ Linux kernel team for reporting this issue.
Red Hat would like to thank MIT for reporting this issue.
Red Hat would like to thank MIT and iDefense for reporting this issue.
Red Hat would like to thank Ulf Härnhammar of Secunia Research for reporting this issue.
Red Hat would like to thank MIT for reporting this issue.
Red Hat would like to thank Core Security Technologies for reporting this issue.
Red Hat would like to thank iDefense for reporting this issue.
Red Hat would like to thank Ilja van Sprundel for reporting this issue.
Red Hat would like to thank Fridrich Štrba and iDefense for alerting us to this issue.
Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues.
Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing these issues.
Red Hat would like to thank Glenn Randers-Pehrson, Mats Palmgren, and Tavis Ormandy for supplying details and patches for this issue.
Red Hat would like to thank the Samba developers, TippingPoint, and iDefense for reporting these issues.
Red Hat would like to thank the Samba developers, TippingPoint, and iDefense for reporting these issues.
Red Hat would like to thank JLANTHEA for reporting this issue.
Red Hat would like to acknowledge Tim Brown of Portcullis Computer Security and Dirk Mueller for these issues.
Red Hat would like to thank Dmitry V. Levin for reporting this issue.
Red Hat would like to thank Robert Buchholz for reporting this issue.
Red Hat would like to thank Rick King for responsibly disclosing this issue.
Red Hat would like to thank Alin Rad Pop for reporting this issue.
Red Hat would like to credit iDefense and Neil Kettle for reporting this issue.
Red Hat would like to thank the Samba developers for responsibly disclosing this issue.
Red Hat would like to thank Wojciech Purczynski for reporting this issue.
Red Hat would like to credit Chris Evans for reporting this issue.
Red Hat would like to thank Tavis Ormandy and Will Drewry for properly disclosing this issue.
Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.
Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for responsibly disclosing these issues.
Red Hat would like to thank Josh Lange for reporting this issue.
Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.
Red Hat would like to thank the Google Security Team for responsibly disclosing this issue.
Red Hat would like to thank Tim Baum for reporting this issue.
Red Hat would like to thank Nick Piggin for responsibly disclosing this issue.
Red Hat would like to thank "regenrecht" for reporting this issue.
Red Hat would like to thank MIT for reporting this issue.
Red Hat would like to thank MIT for reporting this issue.
Red Hat would like to thank Ulf Härnhammar of Secunia Research for finding
and reporting this issue.
Red Hat would like to thank Will Drewry for reporting these issues.
Red Hat would like to thank Will Drewry for reporting these issues.
Red Hat would like to thank Tavis Ormandy of the Google Security Team for reporting this issue.
Red Hat would like to thank MIT and Jeff Altman of Secure Endpoints for reporting this issue.
Red Hat would like to thank MIT for reporting this issue.
Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.
Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.
Red Hat would like to thank Alin Rad Pop of Secunia Research for responsibly disclosing this issue.
Red Hat would like to thank Aleksander Adamowski for reporting this issue.
Red Hat would like to thank Dan Kaminsky for reporting this issue.
Red Hat would like to thank David Remahl of the Apple Product Security team
for responsibly reporting these issues.
Red Hat would like to thank David Remahl of the Apple Product Security team
for responsibly reporting these issues.
Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.
Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.
Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.
Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.
Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.
Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.
Red Hat would like to thank Chris Evans and oCERT for reporting this vulnerability.
Red Hat would like to thank Sebastian Krahmer for responsibly disclosing
this issue.
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
Red Hat would like to thank Justin Cappos and Justin Samuel for discussing
various package update mechanism flaws which led to our discovery of this
issue.
Red Hat would like to thank Andreas Solberg for responsibly disclosing this
issue.
Red Hat would like to thank "regenrecht" for reporting this issue.
Red Hat would like to thank "regenrecht" for reporting this issue.
Red Hat would like to thank "regenrecht" for reporting this issue.
Red Hat would like to thank Stéphane Bertin for responsibly disclosing this
issue.
Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.
Red Hat would like to thank Drew Yao of the Apple Product Security team for
reporting this issue.
Credit: Google Security Team (for the original OpenSSL issue),
Florian Weimer for spotting that BIND9 was vulnerable.
Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product Security team for responsibly reporting these flaws.
Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team for responsibly reporting these flaws.
Red Hat would like to thank Aaron Sigel of the Apple Product Security team and iDefense for responsibly reporting this flaw.
Red Hat would like to thank Braden Thomas and Drew Yao of the Apple Product
Security team for responsibly reporting this flaw.
Red Hat would like to thank Alin Rad Pop of Secunia Research for
responsibly reporting this flaw.
Red Hat would like to thank Ludwig Nussel for reporting this flaw responsibly.
Red Hat would like to thank Ludwig Nussel for reporting this flaw responsibly.
Red Hat would like to thank Chris Evans from the Google Security Team for
reporting this issue.
Red Hat would like to thank Chris Evans from the Google Security Team for reporting these issues.
Red Hat would like to thank Chris Evans from the Google Security Team for
reporting these issues.
Red Hat would like to thank Erik Sjölund for reporting this issue.
Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw.
Red Hat would like to thank Will Dormann of the CERT/CC for responsibly
reporting these flaws.
Red Hat would like to thank Anibal Sacco from Core Security Technologies
for reporting this issue.
Red Hat would like to thank Will Dormann of the CERT/CC for responsibly
reporting this flaw.
Red Hat would like to thank Will Dormann of the CERT/CC for responsibly
reporting this flaw.
Red Hat would like to thank Will Dormann of the CERT/CC for responsibly
reporting these flaws.
Red Hat would like to thank Will Dormann of the CERT/CC for responsibly
reporting these flaws.
Red Hat would like to thank Will Dormann of the CERT/CC for responsibly
reporting this flaw.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for
responsibly reporting this flaw.
Red Hat would like to thank Will Dormann of the CERT/CC for responsibly reporting this flaw.
Red Hat would like to thank Will Dormann of the CERT/CC for responsibly
reporting this flaw.
Red Hat would like to thank Will Drewry for reporting this issue.
Red Hat would like to thank Swen van Brussel for reporting this issue.
Red Hat would like to thank Tavis Ormandy of the Google Security Team for
responsibly reporting this flaw.
Red Hat would like to thank Stefan Cornelius of Secunia Research for responsibly reporting this flaw.
Red Hat would like to thank Ramon de C. Valle for reporting this issue.
Red Hat would like to thank Ramon de C. Valle for reporting this issue.
Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google
Security Team for responsibly reporting this flaw.
Red Hat would like to thank Tavis Ormandy and Julien Tinnes of the Google
Security Team for responsibly reporting this flaw.
Red Hat would like to thank Aaron Sigel of Apple Product Security for
responsibly reporting this issue.
Red Hat would like to thank Adam Zabrocki for reporting this issue.
Red Hat would like to thank Chris Rohlf for reporting this issue.
Red Hat would like to thank Simon Vallet for responsibly reporting this issue.
Red Hat would like to thank Stefan Cornelius of Secunia Research for reporting this flaw.
Red Hat would like to thank Rafael Dominguez Vega for reporting this issue.
Red Hat would like to thank Christian Johansson of Bitsec AB and Thomas Biege of the SUSE Security Team for independently reporting this issue.
Red Hat would like to thank Tavis Ormandy of the Google Security Team for reporting this issue.
Red Hat would like to thank STMicroelectronics for responsibly reporting this issue.
Red Hat would like to thank Aki Helin of the Oulu University Secure
Programming Group for responsibly reporting this flaw.
Red Hat would like to thank Telesys Software for responsibly reporting this
issue.
Red Hat would like to thank CERT-FI for responsibly reporting this flaw, who
credit Ilkka Mattila and Tuomas Salomäki for the discovery of the issue.
Red Hat would like to thank CERT-FI for responsibly reporting this flaw, who credit Ilkka Mattila and Tuomas Salomäki for the discovery of the issue.
Red Hat would like to thank Mathias Krause for reporting this issue.
Red Hat would like to thank Sebastian Krahmer for reporting this issue.
Red Hat would like to thank Ramon de C. Valle for reporting this issue.
Red Hat would like to thank Sadrul Habib Chowdhury of the Pidgin project for responsibly reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for responsibly reporting this issue.
Red Hat would like to thank the Apple Product Security team for responsibly reporting this issue. Upstream acknowledges Adrian 'pagvac' Pastor of GNUCITIZEN and Tim Starling as the original reporters.
Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.
Red Hat would like to thank the Apple Product Security team for responsibly reporting this issue. Upstream acknowledges regenrecht as the original reporter.
Red Hat would like to thank Jakob Lell for responsibly reporting
this issue.
Red Hat would like to thank Daniel Stenberg for responsibly reporting this issue. Upstream acknowledges Wesley Miaw as the original reporter.
Red Hat would like to thank Stefano Di Paola and Giorgio Fedon of Minded Security for responsibly reporting this issue.
Red Hat would like to thank the Debian Security Team for reporting this issue. The Debian Security Team acknowledges Ronald Volgers as the original reporter.
Red Hat would like to thank Dan Rosenberg for responsibly
reporting these flaws.
Red Hat would like to thank Dan Rosenberg for responsibly
reporting these flaws.
MITRE has rejected the use of CVE-2009-3297 because it was used for samba, ncpfs, and fuse when it should only have been used for Samba.
Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter.
Red Hat would like to thank Marcus Meissner for reporting this issue.
Red Hat would like to thank Neil Brown for reporting this issue.
Red Hat would like to thank Ang Way Chuang for reporting this issue.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Ralf Philipp Weinmann working with TippingPoint's Zero Day Initiative as the original reporter.
Red Hat would like to thank John Sullivan for responsibly
reporting this flaw.
Red Hat would like to thank Todd C. Miller, the upstream sudo maintainer, for responsibly reporting this issue. Upstream acknowledges Valerio Costamagna as the original reporter.
Red Hat would like to thank Tim Bunce for responsibly reporting this issue. Upstream acknowledges Nick Cleaton as the original reporter.
Red Hat would like to thank Tim Bunce for responsibly reporting
this issue.
Red Hat would like to thank Jukka Taimisto and Olli Jarva of Codenomicon Ltd, Nokia Siemens Networks, and Wind River on behalf of their customer, for reporting this issue.
Red Hat would like to thank the MIT Kerberos Team for responsibly reporting this issue. Upstream acknowledges Shawn Emery of Oracle as the original reporter.
Red Hat would like to thank the MIT Kerberos Team for reporting this issue. Upstream acknowledges Mike Roszkowski as the original reporter.
Red Hat would like to thank the MIT Kerberos Team for reporting this issue.
Red Hat would like to thank the MIT Kerberos Team for reporting this issue.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Matthieu Bonetti of VUPEN Vulnerability Research Team as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges regenrecht working with iDefense as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative, as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative, as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Ojan Vafai of Google Inc. as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Aki Helin of OUSPG as the original reporter.
Red Hat would like to thank Apple Product Security for responsibly
reporting this flaw, who credit Kevin Finisterre of digitalmunition.com for
the discovery of the issue.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Dave Bowker of davebowker.com as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Mark Dowd of Azimuth Security as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Aki Helin of OUSPG as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509 as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges kuzzcc, and Skylined of Google Chrome Security Team, as the original reporters.
Red Hat would like to thank Mario Mikocevic for responsibly reporting this issue.
Red Hat would like to thank Tim Bunce for responsibly reporting this flaw.
Upstream also credits Rafaël Garcia-Suarez for discovering this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Pierre Noguès of Meta Security as the original reporter.
Red Hat would like to thank Dan Rosenberg for responsibly reporting this issue.
Red Hat would like to thank Dan Rosenberg for responsibly reporting this issue.
Red Hat would like to thank Anders Kaseorg and Evan Broder of Ksplice, Inc. for responsibly reporting this issue.
Red Hat would like to thank the Apple Product Security team for responsibly reporting this flaw. Upstream acknowledges Luca Carettoni as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative, as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Yaar Schnitman of Google Inc. as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Mark Dowd as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for
responsibly reporting this issue. Upstream acknowledges James Robinson of
Google Inc. as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Skylined of Google Chrome Security Team as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509, working with TippingPoint's Zero Day Initiative, as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges Justin Schuh as the original reporter.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue.
Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue. Upstream acknowledges wushi of team509 as the original reporter.
Red Hat would like to thank Braden Thomas of the Apple Product Security team
for reporting these issues.
Red Hat would like to thank Rodrigo Rubira Branco of Check Point Vulnerability Discovery Team for responsibly reporting this issue.
Red Hat would like to thank Meder Kydyraliev of the Google Security Team
for responsibly reporting this issue.
Red Hat would like to thank the Samba team for responsibly reporting this issue. Upstream acknowledges Jun Mao as the original reporter.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank the Vulnerability Research Team at TELUS Security Labs and Fujita Tomonori for responsibly reporting these flaws.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Doug Knight of the University of Alaska for reporting this issue.
Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Rafal Wojtczuk as the original reporter.
Red Hat would like to thank Jeremy Nickurak for reporting this issue.
Red Hat would like to thank Andre Osterhues for reporting this issue.
Red Hat would like to thank Robert Święcki of the Google Security Team for the discovery of this issue.
Red Hat would like to thank Robert Święcki of the Google Security Team for the
discovery of this issue.
Red Hat would like to thank Robert Święcki of the Google Security Team for the discovery of this issue.
Red Hat would like to thank Robert Święcki of the Google Security Team for the
discovery of this issue.
Red Hat would like to thank Robert Święcki of the Google Security Team for the
discovery of these issues.
Red Hat would like to thank Dan Rosenberg for responsibly reporting this issue.
Red Hat would like to thank Dan Rosenberg for responsibly reporting this issue.
Red Hat would like to thank the Evince development team for reporting this issue. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter.
Red Hat would like to thank the Evince development team for reporting this issue. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter.
Red Hat would like to thank the Evince development team for reporting this issue. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter.
Red Hat would like to thank the Evince development team for reporting this issue. Upstream acknowledges Jon Larimer of IBM X-Force as the original reporter.
Red Hat would like to thank Grant Diffey of CenITex for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Ted Brunell for reporting this issue.
Red Hat would like to thank Emmanuel Bouillon of the NATO C3 Agency for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance
for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Toshiyuki Okajima for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Robert Swiecki of the Google Security Team for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Ben Hawkes for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Mark Sapiro for reporting these flaws.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Ben Hawkes for reporting this issue.
Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the original reporters.
Red Hat would like to thank the Openswan project for reporting this issue.
Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the original
reporters.
Red Hat would like to thank Raphael Geissert for reporting this issue.
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter.
Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter.
Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter.
Red Hat would like to thank OpenOffice.org for reporting this issue. Upstream acknowledges Dan Rosenberg of Virtual Security Research as the original reporter.
Red Hat would like to thank Dmitri Gribenko for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting these issues. Upstream acknowledges Daniel Atallah as the original reporter.
Red Hat would like to thank the Openswan project for reporting this issue.
Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the original
reporters.
Red Hat would like to thank the Openswan project for reporting this issue.
Upstream acknowledges D. Hugh Redelmeier and Paul Wouters as the original
reporters.
Red Hat would like to thank Ralph Loader for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Ben Hawkes and Tavis Ormandy for reporting this issue.
Red Hat would like to thank Brad Spengler for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Ole Husgaard of eXerp.com for reporting this issue.
Red Hat would like to thank Rob Hulswit for reporting this issue.
Red Hat would like to thank Thomas Pollet for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Nelson Elhage for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Dan Rosenberg of Virtual Security Research for reporting this issue.
Red Hat would like to thank the Google Security Team for reporting this issue. Upstream acknowledges Bui Quang Minh from Bkis as the original reporter.
Red Hat would like to thank Geoff Keating of the Apple Product Security
team for reporting this issue.
Red Hat would like to thank the MIT Kerberos Team for reporting this issue.
Red Hat would like to thank the MIT Kerberos Team for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall and Kees Cook for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Steve Chen for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Leif Nixon for reporting this issue.
Red Hat would like to thank Vladymyr Denysov for reporting this issue.
Red Hat would like to thank Alan Cox for reporting this issue.
Red Hat would like to thank Brad Spengler for reporting this issue.
Red Hat would like to thank Vegard Nossum for reporting this issue.
Red Hat would like to thank Vegard Nossum for reporting this issue.
Red Hat would like to thank Nelson Elhage for reporting this issue.
Red Hat would like to thank Kosuke Tatsukawa for reporting this issue.
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
Red Hat would like to thank Sebastian Krahmer for reporting this issue.
Red Hat would like to thank the TippingPoint Zero Day Initiative project for reporting this issue. The original issue reporter wishes to stay anonymous.
Red Hat would like to thank Stephan Mueller of atsec information security for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting this issue.
Upstream acknowledges Stu Tomlinson as the original reporter.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank OpenOffice.org for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Nadav Amit for reporting this issue.
Red Hat would like to thank Emmanuel Bouillon of NATO C3 Agency for reporting this issue.
Red Hat would like to thank Phil Pennock for reporting this issue.
Red Hat would like to thank the Mozilla Security Team for reporting this issue.
Red Hat would like to thank Drew Yao of the Apple Product Security team for reporting this issue.
Red Hat would like to thank Apple Product Security for reporting this issue.
Red Hat would like to thank the MIT Kerberos project for reporting
this issue. Upstream acknowledges Kevin Longfellow of Oracle Corporation
as the original reporter.
Red Hat would like to thank the MIT Kerberos project for reporting
this issue.
Red Hat would like to thank the CERT/CC for reporting CVE-2011-0411. The CERT/CC acknowledges Wietse Venema as the original reporter.
Red Hat would like to thank Internet Systems Consortium for reporting this issue.
Red Hat would like to thank Maksymilian Arciemowicz for reporting this issue.
Red Hat would like to thank Nico Golde of the Debian Security Team
for reporting this issue. The Debian Security Team acknowledges
'Teeed' as the original issue reporter.
Red Hat would like to thank Matthieu Herrb for reporting this issue. Upstream acknowledges Sebastian Krahmer of the SuSE Security Team as the original reporter.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Red Hat would like to thank Andrew Kerr for reporting this issue.
Red Hat would like to thank Mark Sapiro for reporting these flaws.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Rafael Dominguez Vega for reporting this issue.
Red Hat would like to thank Adam Prince for reporting this issue.
Red Hat would like to thank Hyrum Wright of the Apache Subversion project
for reporting this issue. Upstream acknowledges Philip Martin, WANdisco, Inc. as the original reporter.
Red Hat would like to thank Thomas Biege of the SuSE Security Team
for reporting this issue.
Red Hat would like to thank Thomas Biege of the SuSE Security Team
for reporting this issue.
Red Hat would like to thank the Samba team for reporting this issue. Upstream acknowledges Volker Lendecke of SerNet as the original reporter.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
Red Hat would like to thank Sebastian Krahmer of the SuSE Security Team for reporting this issue.
Red Hat would like to thank Nelson Elhage for reporting this issue.
Red Hat would like to thank Timo Warns for reporting this issue.
Red Hat would like to thank Tavis Ormandy for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Nelson Elhage for reporting this issue.
Red Hat would like to thank Nelson Elhage for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Marius Wachtler as the original reporter.
Red Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum
for reporting this issue.
Red Hat would like to thank Wayne Davison and Matt McCutchen for reporting this issue.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Red Hat would like to thank Peter Huewe for reporting this issue.
Red Hat would like to thank Peter Huewe for reporting this issue.
Red Hat would like to thank Timo Warns for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Julien Tinnes of the Google Security Team for reporting this issue.
Red Hat would like to thank Nicolas Grégoire and Aleksey Sanin for reporting this issue.
Red Hat would like to thank Ryan Sweat for reporting this issue.
Red Hat would like to thank Martin Kouba from IT SYSTEMS a.s. for reporting this issue.
Red Hat would like to thank Neel Mehta of Google for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank the MIT Kerberos project for reporting this issue. Upstream acknowledges Tim Zingelman as the original reporter.
Red Hat would like to thank the MIT Kerberos project for reporting this issue. Upstream acknowledges Andrej Ota as the original reporter.
Red Hat would like to thank the MIT Kerberos project for reporting this issue.
Red Hat would like to thank Ryan Sweat for reporting this issue.
Red Hat would like to thank Timo Warns for reporting this issue.
Red Hat would like to thank Robert Swiecki for reporting this issue.
Red Hat would like to thank Thomas Biege of the SuSE Security Team
for reporting this issue.
Red Hat would like to thank Cendio AB for reporting this issue. Cendio AB acknowledges an anonymous contributor working with the SecuriTeam Secure Disclosure program as the original reporter.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank the CERT/CC for reporting CVE-2011-1720. Upstream
acknowledges Thomas Jarosch of Intra2net AG as the original reporter.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Oliver Hartkopp for reporting this issue.
Red Hat would like to thank Nelson Elhage for reporting this issue.
Red Hat would like to thank the Apache Subversion project for reporting this
issue. Upstream acknowledges Joe Schaefer of Apache Software Foundation as the
original reporter.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Timo Warns for reporting this issue.
Red Hat would like to thank the Apache Subversion project for reporting this
issue. Upstream acknowledges Ivan Zhakov of VisualSVN as the original reporter.
Red Hat would like to thank the Ubuntu Security Team for reporting these issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters.
Red Hat would like to thank the Ubuntu Security Team for reporting these issues. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters.
Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan Rosenberg as the original reporters.
Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Dan Rosenberg and Marc Deslauriers as the original reporters.
Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Marc Deslauriers as the original reporter.
Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall as the original reporter.
Red Hat would like to thank the Apache Subversion project for reporting this
issue. Upstream acknowledges Kamesh Jayachandran of CollabNet, Inc. as the
original reporter.
Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Billy Bob Brumley and Nicola Tuveri as the original reporters.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Red Hat would like to thank Andrea Righi for reporting this issue.
Red Hat would like to thank the ObjectWorks+ Development Team at Nomura Research Institute for reporting this issue.
Red Hat would like to thank Clement Lecigne for reporting this issue.
Red Hat would like to thank Nelson Elhage for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting this issue.
Upstream acknowledges Mark Doliner as the original reporter.
Red Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum
for reporting this issue.
Red Hat would like to thank Vasily Averin for reporting this issue.
Red Hat would like to thank Marek Kroemeke and Filip Palian for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Robert Swiecki for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Peter Robinson for reporting this issue.
Red Hat would like to thank Marco Slaviero of SensePost for reporting this issue.
Red Hat would like to thank Li Yu for reporting this issue.
Red Hat would like to thank the Samba project for reporting this issue.
Upstream acknowledges Yoshihiro Ishikawa of LAC Co., Ltd. as the original reporter.
Red Hat would like to thank the Apache Tomcat project for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION as the original reporter.
Red Hat would like to thank Fernando Gont for reporting this issue.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Red Hat would like to thank Brent Meshier for reporting this issue.
Red Hat would like to thank Daniel Karanja Muturi for reporting this issue.
Red Hat would like to thank Nils Juenemann and The Bearded Warriors for independently reporting this issue.
Red Hat would like to thank Nils Juenemann for reporting this issue.
Red Hat would like to thank Christopher Hartley of The Ohio State University for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ken Russell of Google as the original reporter.
Red Hat would like to thank the Ubuntu Security Team for reporting this issue. The Ubuntu Security Team acknowledges Sauli Pahlman as the original reporter.
Red Hat would like to thank Kees Cook of the Google ChromeOS Team for reporting this issue.
Red Hat would like to thank Kees Cook of the Google ChromeOS Team for reporting
this issue.
Red Hat would like to thank Dan Kaminsky for reporting this issue.
Red Hat would like to thank Darren Lavender for reporting this issue.
Red Hat would like to thank Matt McCutchen for reporting this issue.
Red Hat would like to thank Greg Banks for reporting this issue.
Red Hat would like to thank Yasuaki Ishimatsu for reporting this issue.
Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters.
Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters.
Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters.
Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters.
Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Riku Hietamäki, Tuomo Untinen and Jukka Taimisto of the Codenomicon CROSS project as the original reporters.
Red Hat would like to thank Sylvain Maes for reporting this issue.
Red Hat would like to thank Somnath Kotur for reporting this issue.
Red Hat would like to thank Yogesh Sharma for reporting this issue.
Red Hat would like to thank Matt McCutchen for reporting this issue.
Red Hat would like to thank Context Information Security for reporting this issue.
Red Hat would like to thank the Cyrus IMAP project for reporting this issue. Upstream acknowledges Stefan Cornelius of Secunia Research as the original reporter.
Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Paul Wouters as the original reporter.
Red Hat would like to thank Kevan Carstensen for reporting this issue.
Red Hat would like to thank Kevan Carstensen for reporting this issue.
Red Hat would like to thank Kevan Carstensen for reporting this issue.
Red Hat would like to thank Gideon Naim for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting this issue.
Red Hat would like to thank David Black for reporting this issue.
Red Hat would like to thank David Black for reporting this issue.
Red Hat would like to thank Zheng Liu for reporting this issue.
Red Hat would like to thank the Puppet team for reporting this issue. Upstream acknowledges Ricky Zhou as the original reporter.
Red Hat would like to thank the researcher with the nickname vladz for reporting this issue.
Red Hat would like to thank the researcher with the nickname vladz for reporting this
issue.
Red Hat would like to thank the Openswan project for reporting this issue. Upstream acknowledges Petar Tsankov, Mohammad Torabi Dashti and David Basin of the information security group at ETH Zurich as the original reporters.
Red Hat would like to thank Nick Bowler for reporting this issue.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.
Red Hat would like to thank Jan Iven for reporting this issue.
Red Hat would like to thank Shubham Goyal for reporting this issue.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Red Hat would like to thank Andy Adamson for reporting this issue.
Red Hat would like to thank Clement Lecigne for reporting this issue.
Red Hat would like to thank William Hoffmann for reporting this issue.
Red Hat would like to thank Sasha Levin for reporting this issue.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.
Red Hat would like to thank Jonathan Foote of the CERT Coordination Center for reporting this issue.
Red Hat would like to thank Jonathan Foote of the CERT Coordination Center for reporting this issue.
Red Hat would like to thank Tyler Krpata for reporting this issue.
Red Hat would like to thank Tetsuo Handa for reporting this issue. Upstream acknowledges Mathieu Desnoyers as the original reporter.
Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Evgeny Boger as the original reporter.
Red Hat would like to thank the Pidgin project for reporting these issues.
Upstream acknowledges Thijs Alkemade as the original reporter.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Diego Bauche Madero from IOActive as the original reporter.
Red Hat would like to thank Paul Kot for reporting this issue.
Red Hat would like to thank Christian Schlüter (VIADA) for reporting this issue.
Red Hat would like to thank NTT OSSC for reporting this issue.
Red Hat would like to thank Maynard Johnson for reporting this issue.
Red Hat would like to thank Masaki Tachibana for reporting this issue.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank Dan Rosenberg for reporting this issue.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.
Red Hat would like to thank Nicolae Mogoreanu for reporting this issue.
Red Hat would like to thank the cURL project for reporting this issue.
Upstream acknowledges Dan Fandrich as the original reporter.
Red Hat would like to thank Timothy D. Morgan of VSR for reporting this issue.
Red Hat would like to thank Wang Xi for reporting this issue.
Red Hat would like to thank Chen Haogang for reporting this issue.
Red Hat would like to thank Stephan Bärwolf for reporting this issue.
Red Hat would like to thank Jüri Aedla for reporting this issue.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.
Red Hat would like to thank Simon McVittie for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Rafal Wojtczuk as the original reporter.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter.
Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter.
Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Martin Winter at OpenSourceRouting.org as the original reporter.
Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa and Lasse Ylivainio of Codenomicon's CROSS project as the original reporters.
Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa and Lasse Ylivainio of Codenomicon's CROSS project as the original reporters.
Red Hat would like to thank the Mozilla project for reporting these issues.
Red Hat would like to thank the Mozilla project for reporting these issues.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aki Helin from OUSPG as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen from OUSPG as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Anne van Kesteren of Opera Software as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges wushi of team509 via iDefense as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Matias Juntunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordi Chancel and Eddy Bordi, and Chris McGowen as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ms2ger as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jeroen van der Gun as the original reporter.
Red Hat would like to thank Andrew Lutomirski for reporting this issue.
Red Hat would like to thank Todd C. Miller for reporting this issue. Upstream acknowledges joernchen of Phenoelit as the original reporter.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.
Red Hat would like to thank Graham Leggett for reporting this issue.
Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.
Red Hat would like to thank the Samba team for reporting this issue.
Upstream acknowledges Andy Davis of NGS Secure as the original reporter.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
This issue was discovered by David Jorm of the Red Hat Security Response Team.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Ludwig Nussel of the SUSE security team for reporting this issue.
Red Hat would like to thank H. Peter Anvin for reporting this issue.
This issue was discovered by Dominic Cleal of Red Hat.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Red Hat would like to thank Mateusz Jurczyk of the Google Security Team for reporting this issue.
Upstream acknowledges Tielei Wang via Secunia SVCRP as the original reporter of this issue.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.
Red Hat would like to thank Timo Warns for reporting this issue.
Red Hat would like to thank Timo Warns for reporting this issue.
Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue.
Red Hat would like to thank Matthew Hall of Mu Dynamics for reporting this issue.
Red Hat would like to thank CERT-FI for reporting this issue. CERT-FI acknowledges Aleksis Kauppinen, Joonas Kuorilehto, Tuomas Parttimaa and Lasse Ylivainio of Codenomicon's CROSS project as the original reporters.
Red Hat would like to thank the CERT/CC for reporting this issue. The CERT/CC acknowledges Denis Ovsienko as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Igor Bukanov, Olli Pettay, Boris Zbarsky, and Jesse
Ruderman as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew McCreight, and Brian Bondy as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges Christian Holler as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges security researcher Abhishek Arya of Google as the
original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges security researcher Abhishek Arya of Google as the
original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges security researcher Adam Barth as the original
reporter.
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges security researcher Paul Stone as the original
reporter.
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges security researcher Arthur Gerkis as the original
reporter.
Red Hat would like to thank the Mozilla project for reporting this issue.
Upstream acknowledges security researcher Abhishek Arya of Google as the
original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brian Smith, Gary Kwong, Christian Holler, Jesse Ruderman, Christoph Diehl, Chris Jones, Brad Lassey, and Kyle Huey as the original reporters. These flaws affected Firefox 13.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Mario Gomes and research firm Code Audit Labs as the original reporters of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Google security researcher Abhishek Arya as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Google security researcher Abhishek Arya as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Google security researcher Abhishek Arya as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Google security researcher Abhishek Arya as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Mariusz Mlynski as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Mario Heiderich as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Arthur Gerkis as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developer Bobby Holley as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Google developer Tony Payne as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla developer Frédéric Buclin as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Bill Keese as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Karthikeyan Bhargavan of Prosecco at INRIA as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Matt McCutchen for reporting this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researchers Mario Gomes and Soroush Dalili as the original reporters of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherland, and Jason Smith as the original reporters. These flaws affected Firefox 14.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Ivano Cristofolini as the original reporter of this issue.
Red Hat would like to thank Vadim Ponomarev for reporting this issue.
Red Hat would like to thank Shachar Raindel for reporting this issue.
Red Hat would like to thank Ronald van Zantvoort for reporting this issue.
Red Hat would like to thank Phillips Wolf for reporting this issue.
Upstream acknowledges Rubin Xu and Joseph Bonneau as the original reporters of this issue.
This issue was discovered by the Red Hat Security Response Team.
Red Hat would like to thank Stephan Mueller for reporting this issue.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Codenomicon as the original reporter.
Upstream acknowledges Sven Jacobi as the original reporter of this issue.
This issue was discovered by Li Honggang of Red Hat.
This issue was discovered by Jian Li of Red Hat.
This issue was discovered by Red Hat.
Red Hat would like to thank the Apache CXF project for reporting this issue.
Red Hat would like to thank the Apache CXF project for reporting this issue.
Red Hat would like to thank Xinli Niu for reporting this issue.
Upstream acknowledges Timo Warns as the original reporter of this issue.
This issue was discovered by Marek Schmidt and Stan Silvert of Red Hat.
This issue was discovered by Paul Wouters of Red Hat.
These issues were discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Stanislav Graf of Red Hat.
These issues were discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank Ray Rocker for reporting this issue.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Julian Wälde and Alexander Klink as the original reporters.
Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program for reporting this issue.
Red Hat would like to thank Joseph Sheridan of Reaction Information Security for reporting this issue.
Red Hat would like to thank Chris Evans of the Google Security Team for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter.
Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter.
Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Mateusz Jurczyk of the Google Security Team as the original reporter.
Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Yunho Kim as the original reporter.
Red Hat would like to thank Dan Fandrich for reporting this issue. Upstream acknowledges Yunho Kim as the original reporter.
Red Hat would like to thank Dan Fandrich for reporting this issue.
Red Hat would like to thank Dan Fandrich for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Joseph Sheridan for reporting this issue.
Red Hat would like to thank George Hedfors of Cybercom Sweden East AB for reporting this issue.
This issue was discovered by Carlo de Wolf of Red Hat.
This issue was discovered by Carlo de Wolf of Red Hat.
Red Hat would like to thank the Pidgin project for reporting this issue.
Upstream acknowledges Ulf Härnhammar as the original reporter.
Red Hat would like to thank Jim Meyering for reporting this issue. Upstream acknowledges Stefano Lattarini as the original reporter.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Red Hat would like to thank Ben Hutchings of Solarflare (tm) for reporting this issue.
Red Hat would like to thank Ken Hahn and Dan Bradley for reporting this issue.
This issue was discovered by the Red Hat Security Response Team.
Red Hat would like to thank Chamal De Silva for reporting this issue.
This issue was discovered by Aleksandar Kostadinov of the Red Hat QE Team.
This issue was discovered by Arun Neelicattu of the Red Hat Security Response Team.
Red Hat would like to thank Sigbjorn Lie of Atea Norway for reporting this issue.
This issue was discovered by the Red Hat InfiniBand team.
This issue was discovered by Steven Hawkins of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Apache CXF project for reporting this issue.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank Matthias Weckbecker of the SUSE Security Team for reporting this issue.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Peter Eisentraut as the original reporter.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter.
Red Hat would like to thank Alexander Peslyak for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Pablo Neira Ayuso for reporting this issue.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
These issues were discovered by Trevor Jay of Red Hat Quality Engineering penetration testing.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
This issue was discovered by James Laska of Red Hat.
Red Hat would like to thank Thomas Biege of SUSE for reporting this issue.
Red Hat would like to thank Dolph Mathews for reporting this issue.
Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue.
Red Hat would like to thank Hafid Lin for reporting this issue.
Upstream acknowledges Markus Hietava of Codenomicon CROSS project as the original reporter of this issue.
Upstream acknowledges Markus Hietava of Codenomicon CROSS project as the original reporter of this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Upstream acknowledges Glen Eustace of Massey University, New Zealand, as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Abhishek Arya (Inferno) of Google Chrome Security Team as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Mariusz Mlynski as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frédéric Hoguin as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Arthur Gerkis as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Arthur Gerkis as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Christoph Diehl as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Nicolas Grégoire as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla security researcher Mark Goodwin as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla security researcher Masato Kinugawa as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla security researcher vsemozhetbyt as the original reporter of this flaw.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Mark Poticha as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla security researcher moz_bug_r_a4 as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges security researcher Colby Russell as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler and Jesse Ruderman as the original reporters. These flaws affect Firefox 10.0.7 ESR and Firefox 15.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Bloom of Cue as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Johnny Stenback as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Soroush Dalili as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alice White as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gareth Heyes as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski, moz_bug_r_a4 and Antoine Delignat-Lavaud as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski, moz_bug_r_a4 and Antoine Delignat-Lavaud as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski, moz_bug_r_a4 and Antoine Delignat-Lavaud as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen from OUSPG as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges kakzz.ng@gmail.com as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Scott Bell as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gabor Krizsanits as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Peter Van der Beken as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank Tetsuo Handa for reporting this issue.
Red Hat would like to thank Marc Schönefeld for reporting this issue.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Dolph Mathews for reporting this issue.
These issues were discovered by Kurt Seifried of Red Hat, and Jim Meyering.
This issue was discovered by Wenlong Huang of the Red Hat Virtualization QE Team.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
This issue was discovered by Murray McAllister of the Red Hat Security Response Team.
Red Hat would like to thank Antonios Atlasis working with Beyond Security's SecuriTeam Secure Disclosure program and Loganaden Velvindron of AFRINIC for reporting this issue.
Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Noriko Hosoi of Red Hat.
This issue was discovered by Karel Volný of the Red Hat Quality Engineering team.
This issue was discovered by Peter Jones of the Red Hat Installer Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank Jon Howell for reporting this issue.
This issue was discovered by Daniel Horak of the Red Hat Enterprise MRG Quality Engineering Team.
This issue was discovered by Vit Ondruch of Red Hat.
This issue was discovered by Florian Weimer of Red Hat.
This issue was discovered by Miroslav Lichvar of Red Hat.
This issue was discovered by Tomas Mraz of Red Hat.
This issue was discovered by the Red Hat Security Response Team.
Red Hat would like to thank Theodore Ts'o for reporting this issue. Upstream acknowledges Dmitry Monakhov as the original reporter.
Red Hat would like to thank Vincent Untz for reporting this issue.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team and Kurt Seifried of the Red Hat Security Response Team.
Red Hat would like to thank the upstream Django project for reporting this vulnerability.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Arthur Gerkis for reporting this issue.
This issue was discovered by Paolo Bonzini of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Marko Myllynen of Red Hat.
This issue was discovered by Arun Neelicattu of the Red Hat Security Response Team.
This issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team.
Red Hat would like to thank Patrick Raspante and Ryan Millay of GDC4S for reporting this issue.
Red Hat would like to thank Patrick Raspante and Ryan Millay of GDC4S for reporting this issue.
This issue was discovered by Huzaifa S. Sidhpurwala of the Red Hat Security Response Team.
This issue was discovered by Rodrigo Freire of Red Hat.
This issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Gabe Westmaas as the original reporter of CVE-2012-4573.
This issue was discovered by Kurt Seifried of the Red Hat Security Response Team.
Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Tim Brown as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Bloom of Cue as the original reporter.
This issue was discovered by Kurt Seifried of the Red Hat Security Response Team.
This issue was discovered by Kurt Seifried of the Red Hat Security Response Team.
This issue was discovered by Derek Horton of Red Hat.
This issue was discovered by Kurt Seifried of the Red Hat Security Response Team.
Red Hat would like to thank Petr Menšík for reporting this issue.
This issue was discovered by Aaron Weitekamp of the Red Hat Cloud Quality Engineering team.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Allon Mureinik of Red Hat.
This issue was discovered by Dan Kenigsberg of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the SUSE Security Team for reporting this issue. The SUSE Security Team acknowledges Thomas Biege of SUSE as the original issue reporter.
Red Hat would like to thank Hideharu Ohkuma of Ricoh Company for reporting these issues.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank Stefan Bühler for reporting this issue. Upstream acknowledges Jesse Sipprell from McClatchy Interactive, Inc. as the original reporter.
This issue was discovered by Aaron Weitekamp of the Red Hat Cloud Quality Engineering team.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Anndy as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Vijaya Erukala as the original reporter.
Red Hat would like to thank Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky of Ruhr-University Bochum for reporting this issue.
This issue was discovered by Huzaifa S. Sidhpurwala of the Red Hat Security Response Team.
This issue was discovered by Lukas Zapletal of Red Hat.
This issue was discovered by Og Maciel of Red Hat.
This issue was discovered by James Labocki of Red Hat.
This issue was discovered by Red Hat.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Eric Windisch as the original reporter of CVE-2012-5625.
Red Hat would like to thank the Xen project for reporting this issue.
These issues were discovered by Kurt Seifried of the Red Hat Security Response Team and Michael Scherer of the Red Hat Regional IT team.
This issue was discovered by Red Hat.
This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
This issue was discovered by Miloslav Trmač of Red Hat.
Red Hat would like to thank Martin Carpenter of Citco for reporting this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jonathan Stephens as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Ruderman, Andrew McCreight, Bob Clary, and Kyle Huey as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, and Bill McCloskey as the original reporters.
This issue was discovered by Andrew Cathrow of Red Hat.
This issue was discovered by Dominic Cleal and James Laska of Red Hat.
This issue was discovered by James Laska of Red Hat.
This issue was discovered by Tomas Sedovic of Red Hat.
Red Hat would like to thank Ben Ford of Puppet Labs for reporting this issue.
Red Hat would like to thank Sam Richardson for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Thijs Alkemade and Robert Vehse as the original reporters of this issue.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
This issue was discovered by Dan Kenigsberg of the Red Hat Enterprise Virtualization team.
This issue was discovered by Ondrej Machacek of Red Hat.
This issue was discovered by Tingting Zheng of Red Hat.
This issue was discovered by David Jorm of the Red Hat Security Response Team.
This issue was discovered by David Jorm of the Red Hat Security Response Team.
Red Hat would like to thank Andrew Cooper of Citrix for reporting this issue.
This issue was discovered by Jeremy Choi of the Red Hat Hosted and Shared Services team.
Red Hat would like to thank Martin Kosek of Red Hat for reporting this issue.
This issue was discovered by Tim Waugh of Red Hat.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Phil Day as the original reporter.
This issue was discovered by Dan Prince of Red Hat.
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Jann Horn as the original reporter.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Arun Neelicattu of the Red Hat Security Response Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
These issues were discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Andrew Jones of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Simon McVittie for reporting this issue.
This issue was discovered by Dan Prince of Red Hat.
Red Hat would like to thank Daniel Stenberg of the cURL project for reporting this issue. Upstream acknowledges the researcher known as Volema as the original issue reporter.
Red Hat would like to thank the Qt project for reporting this issue. Upstream acknowledges Tim Brown and Mark Lowe of Portcullis Computer Security Ltd. as the original reporters.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Sumit Soni via Secunia SVCRP as the original issue reporter.
Red Hat would like to thank Eric Hodel of RDoc upstream for reporting this issue. Upstream acknowledges Evgeny Ermakov as the original issue reporter.
This issue was discovered by Kurt Seifried of the Red Hat Security Response Team.
This issue was discovered by Trevor McKay of Red Hat.
This issue was discovered by Derek Higgins of the Red Hat OpenStack team.
Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Thomas Hollstegge of Zweitag and Ben Murphy as the original reporters.
This issue was discovered by Dan Prince of Red Hat.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Chris Wysopal of Veracode as the original issue reporter.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Daniel Atallah as the original reporter.
Red Hat would like to thank the Pidgin project for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting this issue.
Red Hat would like to thank the Ruby on Rails project for reporting this issue. The Ruby on Rails project acknowledges Tobias Kraze as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Nathanael Burton (National Security Agency) as the original reporter.
This issue was discovered by Kaushik Banerjee of Red Hat.
Red Hat would like to thank Garth Mollett for reporting this issue.
This issue was discovered by Mike Burns of Red Hat.
This issue was discovered by Thierry Bordaz of Red Hat.
This issue was discovered by Nick Scavelli of Red Hat.
This issue was discovered by Arun Neelicattu and David Jorm of the Red Hat Security Response Team.
Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Lawrence Pit of Mirror42 as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data) as the original, independent reporters.
This issue was discovered by Sumit Bose of Red Hat.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Olli Pettay as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Ruderman as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Ruderman as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, Scoobidiver, Jesse Ruderman and Julian Seward as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges pa_kt as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sviatoslav Chagaev as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jerry Baker as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christoph Diehl, Christian Holler, Mats Palmgren, and Chiaki Ishikawa as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bill Gianopoulos, Benoit Jacob, Christoph Diehl, Christian Holler, Gary Kwong, Robert O'Callahan, Scoobidiver, Jesse Ruderman and Julian Seward as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frederik Braun as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michal Zalewski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Olli Pettay, Christoph Diehl, Gary Kwong, Jesse Ruderman, Andrew McCreight, Joe Drew, and Wayne Mery as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alon Zakai, Christian Holler, Gary Kwong, Jesse Ruderman, Luke Wagner, Terrence Cole, Timothy Nikkel, Olli Pettay, Bill McCloskey, and Nicolas Pierron as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges VUPEN Security via the TippingPoint Zero Day Initiative project as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Olli Pettay, Jesse Ruderman, Boris Zbarsky, Christian Holler, Milan Sreckovic, and Joe Drew as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Andrew McCreight, Randell Jesup, Gary Kwong, Jesse Ruderman, Christian Holler, and Mats Palmgren as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ambroz Bizjak as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tobias Schula as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges miaubiz as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christoph Diehl, Christian Holler, Jesse Ruderman, Timothy Nikkel, and Jeff Walden as the original reporters.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Andrew Cooper and the Citrix XenServer team as the original reporters.
Red Hat would like to thank the Perl 5 Security Team for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Red Hat would like to thank Tim Brown for reporting this issue.
Red Hat would like to thank US-CERT for reporting this issue. US-CERT acknowledges Oracle as the original reporter.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Yves Orton as the original issue reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Clary, Ben Turner, Benoit Jacob, Bobby Holley, Christoph Diehl, Christian Holler, Andrew McCreight, Gary Kwong, Jason Orendorff, Jesse Ruderman, Matt Wobensmith, and Mats Palmgren as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ms2ger as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong, Jesse Ruderman, and Andrew McCreight as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Bobby Holley, Gary Kwong, Jesse Ruderman, Ben Turner, Ehsan Akhgari, Mats Palmgren, and John Schoenick as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Johnathan Kuskos as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Stone as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bob Owen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frédéric Buclin as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Matt Wobensmith as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges 3ric Johanson, Richard Newman and Holt Sorenson as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jeff Gilbert and Henrik Skupin as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ben Turner, Christian Holler, Andrew McCreight, Gary Kwong, Jan Varga, and Jesse Ruderman as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley and moz_bug_r_a4 as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Federico Lanusse as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Georgi Guninski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges André Bargull, Scoobidiver, Bobby Holley, and Reuben Morais as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Makoto Kato, Jesse Ruderman, Jason Smith, Jan de Mooij, Gary Kwong, Scoobidiver, Olli Pettay, Bobby Holley, and Bob Clary as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alex Chapman as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masayuki Nakano as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Scott Bell as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ms2ger as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Dan Gohman as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Victor Porof as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sachin Shinde as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tavis Ormandy as the original reporter of this issue.
This issue was discovered by Mateusz Guzik of the Red Hat EMEA GSS SEG Team.
Red Hat would like to thank Andrew Honig of Google for reporting this issue.
Red Hat would like to thank Andrew Honig of Google for reporting this issue.
Red Hat would like to thank Andrew Honig of Google for reporting this issue.
Red Hat would like to thank Simon McVittie for reporting this issue.
This issue was discovered by Derek Higgins of the Red Hat OpenStack team.
Red Hat would like to thank Finke Lamein for reporting this issue.
This issue was discovered by Sureshkumar Thirugnanasambandan of the Red Hat Quality Engineering Team.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Vish Ishaya (Nebula) as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Stuart McLaren (HP) as the original reporter.
Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Alexander Klink as the original reporter of this flaw.
Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Ben Reser as the original reporter of this flaw.
Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Philip Martin and Ben Reser as the original reporters of this flaw.
Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Ben Murphy as the original reporter.
Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Charlie Somerville as the original reporter.
Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Alan Jenkins as the original reporter.
Red Hat would like to thank Alyssa Milburn for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Guang Yee (HP) as the original reporter.
Red Hat would like to thank Ryan Giobbi of UPMC for reporting this issue.
Red Hat would like to thank Ryan Giobbi of UPMC for reporting this issue.
Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Greg McMullin, Stefan Fuhrmann, Philip Martin and Ben Reser as the original reporters of this flaw.
This issue was discovered by Martin Kosek of Red Hat.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Mitsumasa Kondo and Kyotaro Horiguchi as the original issue reporters.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Marko Kreen as the original issue reporter.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original issue reporter.
This issue was discovered by Petr Matousek of the Red Hat MRG Messaging team.
Red Hat would like to thank Willy Tarreau of HAProxy upstream for reporting this issue. Upstream acknowledges Yves Lafon from the W3C as the original reporter.
This issue was discovered by Murray McAllister of the Red Hat Security Response Team.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was found by Daniel Berrange of Red Hat.
This issue was discovered by Jiri Vanek of the Red Hat OpenJDK Team.
This issue was discovered by the Red Hat Security Response Team.
Red Hat would like to thank IBM for reporting this issue.
This issue was found by David Airlie and Peter Hutterer of Red Hat.
This issue was discovered by Michael S. Tsirkin of Red Hat.
Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges YAMADA Yasuharu as the original reporter.
Red Hat would like to thank Michael Armstrong for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Murray McAllister of the Red Hat Security Response Team.
Red Hat would like to thank Emmanuel Bouillon (NCI Agency) for reporting this issue.
Red Hat would like to thank Emmanuel Bouillon (NCI Agency) for reporting this issue.
Red Hat would like to thank Edoardo Comar of IBM for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Simon Fayer of Imperial College London for reporting this issue.
This issue was discovered by Murray McAllister of the Red Hat Security Response Team.
Red Hat would like to thank Andy Lutomirski for reporting this issue.
This issue was discovered by Laszlo Ersek of Red Hat.
This issue was found by Jason Wang of Red Hat.
References:
https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05013.html
Proposed upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05254.html
Red Hat would like to thank Atzm WATANABE of Stratosphere Inc. for reporting this issue.
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Jan Pazdziora of the Red Hat Satellite Engineering team.
This issue was discovered by Vit Ondruch of Red Hat.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.
Red Hat would like to thank Amazon Web Services for reporting this issue. Amazon Web Services acknowledges Sylvain Beucler as the original reporter.
This issue was discovered by Paolo Bonzini and Laszlo Ersek of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Red Hat.
This issue was discovered by Eoghan Glynn of Red Hat.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.
This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.
This issue was discovered by Richard Opalka and Arun Neelicattu of Red Hat.
This issue was discovered by Ramon de C Valle of the Red Hat Product Security Team.
This issue was discovered by Daniel Erez of the Red Hat Enterprise Virtualization Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
Red Hat would like to thank Scott Cantor of Apache Santuario-C++ upstream for reporting this issue. Upstream acknowledges James Forshaw of Context Information Security as the original issue reporter.
Red Hat would like to thank Thierry Carrez of OpenStack upstream for reporting this issue. Upstream acknowledges Jose Castro Leon of CERN as the original issue reporter.
Red Hat would like to thank Andreas Falkenberg of SEC Consult Deutschland GmbH, and Christian Mainka, Juraj Somorovsky and Joerg Schwenk of Ruhr-University Bochum for reporting this issue.
Red Hat would like to thank Alex Gaynor from Rackspace for reporting this issue.
Red Hat would like to thank Takeshi Terada (Mitsui Bussan Secure Directions, Inc.) for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Paul McMillan of Nebula as the original reporter.
Red Hat would like to thank the OpenStack project for reporting these issues. Upstream acknowledges Paul McMillan of Nebula as the original reporter.
Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Timo Sirainen as the original reporter.
Red Hat would like to thank HAProxy upstream for reporting this issue. Upstream acknowledges David Torgerson as the original reporter.
This issue was discovered by Jiri Belka of Red Hat.
This issue was discovered by Mateusz Guzik of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Martin Carpenter of Citco for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Zhenzhong Duan as the original reporter.
This issue was discovered by Daniel P. Berrange of Red Hat.
This issue was discovered by Ludwig Krispenz of Red Hat.
This issue was discovered by Zhenfeng Wang of Red Hat.
This issue was discovered by Lev Veyde of Red Hat.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges hzrandd from NetEase as the original reporter. Upstream also acknowledges Ken'ichi Ohmichi from NEC for providing a corrected fix for this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank Moshe Kaplan for reporting this issue.
Red Hat would like to thank Moshe Kaplan for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank Kees Cook for reporting this issue.
Red Hat would like to thank the Xen and KVM upstreams for reporting this issue. Xen upstream acknowledged Gábor PÉK of CrySyS Lab as the original reporter.
Red Hat would like to thank Puppet Labs for reporting this issue. Upstream acknowledges Ben Murphy as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Thomas Leaman of HP as the original reporter.
This issue was discovered by Marek Hulán of the Red Hat Foreman team.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
This issue was discovered by Wolf-Dieter Fink of the Red Hat GSS Team.
This issue was discovered by David Gibson of Red Hat.
Red Hat would like to thank Ben Reser of the Apache Subversion project for reporting this issue. Upstream acknowledges Daniel Shahaf of Apache Infrastructure as the original issue reporter.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
This issue was discovered by Petr Krempa of Red Hat.
This issue was discovered by Alex Jia of Red Hat.
This issue was discovered by Peter Portante of Red Hat.
These issues were discovered by Gowrishankar Rajaiyan of Red Hat and Kurt Seifried of the Red Hat Security Response Team.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
Red Hat would like to thank the researcher with the nickname vladz for reporting this issue.
This issue was discovered by James Laska of Red Hat.
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.
This issue was discovered by Marek Hulán of the Red Hat Foreman team.
Red Hat would like to thank Kayhan KAYIHAN of Endersys A.Ş. for reporting this issue.
Red Hat would like to thank Daniel Lobato of CERN IT-PES-PS for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Vishvananda Ishaya from Nebula as the original reporter.
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.
This issue was discovered by Jan Pokorný of Red Hat.
This issue was discovered by James Livingston of Red Hat Support Engineering Group.
This issue was discovered by Wolf-Dieter Fink of the Red Hat GSS Team.
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.
This issue was found by Florian Weimer of the Red Hat Product Security Team.
This issue was found by Florian Weimer of the Red Hat Product Security Team.
This issue was found by Florian Weimer of the Red Hat Product Security Team.
This issue was found by Florian Weimer of the Red Hat Product Security Team.
This issue was found by David Gibson of Red Hat.
This issue was discovered by Murray McAllister of the Red Hat Security Response Team.
This issue was discovered by Huzaifa Sidhpurwala of the Red Hat Security Response Team.
Red Hat would like to thank Ben Reser of the Apache Subversion project for reporting this issue. Upstream acknowledges Ivan Zhakov from VisualSVN as the original issue reporter.
This issue was found by Florian Weimer of the Red Hat Product Security Team.
This issue was found by Matthew Farrellee of Red Hat.
Red Hat would like to thank Michael Scherer for reporting this issue.
Red Hat would like to thank Michael Scherer for reporting this issue.
This issue was discovered by Jaroslav Henner of Red Hat.
Red Hat would like to thank Ben Reser of the Apache Subversion project for reporting this issue. Upstream acknowledges Daniel Shahaf of Apache Infrastructure as the original issue reporter.
This issue was discovered by Miroslav Vadkerti of Red Hat.
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cff109768b2d9c03095848f4cd4b0754117262aa
Fixed by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2433c8f094a008895e66f25bd1773cdb01c91d01
This issue was discovered by David Jorm of the Red Hat Security Response Team.
Red Hat would like to thank Ben Reser of the Apache Subversion project for reporting this issue. Upstream acknowledges Daniel Shahaf of elego Software Solutions GmbH as the original issue reporter.
This issue was discovered by Tomas Jamrisko of Red Hat.
Red Hat would like to thank Rubygems upstream for reporting this vulnerability. Upstream acknowledges Damir Sharipov as the original reporter.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
Red Hat would like to thank Seth Arnold for reporting this issue.
Red Hat would like to thank Seth Arnold for reporting this issue.
This issue was discovered by Larry O'Leary of the Red Hat Middleware Support Engineering Group.
Red Hat would like to thank Thierry Carrez of OpenStack upstream for reporting this issue. Upstream acknowledges Kieran Spear of University of Melbourne as the original reporter.
This issue was discovered by Daniel P. Berrange of Red Hat.
Red Hat would like to thank Fujitsu for reporting this issue.
Red Hat would like to thank James Bennett of Django for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Thomas Swan of FedEx for reporting this issue.
This issue was discovered by Asias He of Red Hat.
Red Hat would like to thank Stephan Mueller for reporting this issue.
This issue was found by Jason Wang of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Yedidyah Bar David of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Sibiao Luo of Red Hat.
This issue was discovered by Dominic Cleal of Red Hat.
Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Aaron Neyer as the original reporter.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank the X.Org security team for reporting this issue. Upstream acknowledges Pedro Ribeiro as the original reporter.
Red Hat would like to thank Timo Warns for reporting this issue.
This issue was discovered by Zhenfang Wang of Red Hat.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
Red Hat would like to thank Werner Koch for reporting this issue. Upstream acknowledges Taylor R Campbell as the original reporter.
This issue was discovered by Tomáš Nováčik of the Red Hat MRG Quality Engineering team.
This issue was discovered by Tomáš Nováčik of the Red Hat MRG Quality Engineering team.
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Stefan Metzmacher and Michael Adam of SerNet as the original reporters of this issue.
Red Hat would like to thank the Review Board project for reporting this issue. Upstream acknowledges Frederik Braun from Mozilla as the original reporter.
This issue was discovered by Tomáš Nováčik of the Red Hat MRG Quality Engineering team.
Red Hat would like to thank Adam Willard and Jose Carlos de Arriba of Foreground Security for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Thomas Sanders of Citrix as the original reporter.
This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
Red Hat would like to thank Cloud Technology Development Department, Ricoh Company, Ltd. for reporting this issue.
Red Hat would like to thank the OpenStack Project for reporting this issue. The OpenStack Project acknowledges Stuart McLaren from HP as the original reporter.
Red Hat would like to thank Michael Vishchers from Seven Principles AG for reporting this issue.
This issue was discovered by Larry O'Leary of the Red Hat Middleware Support Engineering Group.
This issue was discovered by Tomáš Nováčik of the Red Hat MRG Quality Engineering team.
Red Hat would like to thank Thierry Carrez of the OpenStack project for reporting this issue. Upstream acknowledges Bernhard M. Wiedemann of SuSE as the original reporter.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
This issue was discovered by Andrew Spurrier of Red Hat.
This issue was discovered by Jan Pokorný of Red Hat.
This issue was discovered by Jan Pokorný of Red Hat.
Red Hat would like to thank Vladimir Davydov (Parallels) for reporting this issue.
This issue was discovered by David Jorm of the Red Hat Security Response Team. The reporter acknowledges Adrian Hayes of Security-Assessment.com as the original reporter of this category of flaw.
Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Peter McLarnan as the original reporter.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank David Beer of Adaptive Computer for reporting this issue. Upstream acknowledges Matt Ezell of Oak Ridge National Labs as the original reporter.
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Andrew Bartlett as the original reporter.
Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Ben Reser as the original reporter.
This issue was discovered by Arun Neelicattu and David Jorm of the Red Hat Security Response Team.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
This issue was discovered by Michael S. Tsirkin of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Jan Beulich as the original reporter.
Red Hat would like to thank the Apache Subversion project for reporting this issue. Upstream acknowledges Philip Martin as the original reporter.
Red Hat would like to thank Saran Neti of TELUS Security Labs for reporting this issue.
Red Hat would like to thank Albert Smith of OUSD(AT&L) for reporting this issue.
Red Hat would like to thank Werner Koch of GnuPG upstream for reporting this issue. Upstream acknowledges Genkin, Shamir, and Tromer as the original reporters.
Red Hat would like to thank Andrew Honig of Google for reporting this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank Puppet Labs for reporting this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Ruderman and Christoph Diehl as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Vladimir Vukicevic, Jesse Ruderman, Gary Kwong, and Kannan Vijayan as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordi Chancel as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Dan Gohman as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ezra Pool as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Byoungyoung Lee as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Camilo Viecco as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Pascal Cuoq, Kamil Dudka, and Wan-Teh Chang as the original reporters of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ben Turner, Bobby Holley, Jesse Ruderman, and Christian Holler as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler and Christoph Diehl as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Myk Melez as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith, Jesse Schwartzentruber and Atte Kettunen as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Daniel Veditz as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Eric Faust as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jesse Schwartzentruber as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Dan Gohman as the original reporter.
Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
Red Hat would like to thank Andrew Honig of Google for reporting this issue.
Red Hat would like to thank Andrew Honig of Google for reporting this issue.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Lars Bull of Google for reporting this issue.
Red Hat would like to thank Jeremy Stanley of the OpenStack Project for reporting this issue. Upstream acknowledges Steven Hardy of Red Hat as the original reporter.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by the Red Hat Security Response Team.
Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Toby Hsieh as the original reporter.
Red Hat would like to thank Ruby on Rails upstream for reporting this issue. Upstream acknowledges Ankit Gupta as the original reporter.
Red Hat would like to thank the Ruby on Rails project for reporting this issue. The Ruby on Rails project acknowledges Sudhir Rao as the original reporter.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Aaron Rosen of VMware as the original reporter.
Red Hat would like to thank the PHP project for reporting this issue. Upstream acknowledges Stefan Esser as the original reporter of this issue.
Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Marc Deslauriers as the original reporter.
Red Hat would like to thank Jeremy Stanley of the OpenStack Project for reporting this issue. Upstream acknowledges Steven Hardy of Red Hat as the original reporter.
Red Hat would like to thank Jeremy Stanley of the OpenStack Project for reporting this issue. Upstream acknowledges Steven Hardy of Red Hat as the original reporter.
This issue was discovered by Jon Passki of Coverity SRL and Arun Neelicattu of the Red Hat Security Response Team.
Red Hat would like to thank Mr Hannes Frederic Sowa for reporting this issue.
This issue was discovered by Kashyap Chamarthy of Red Hat.
Red Hat would like to thank Michael Samuel of Amcom for reporting this issue.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Martin Kletzander of Red Hat.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Phil Day from HP as the original reporter.
This issue was discovered by Adrian Likins of Red Hat.
This issue was discovered by David Illsley, Ron Gutierrez of Gotham Digital Science, and David Jorm of the Red Hat Security Response Team.
Red Hat would like to thank the Debian Project for reporting this issue. The Debian Project acknowledges Florian Sagar as the original reporter.
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Noel Power as the original reporter.
This issue was discovered by Martin Povolný of Red Hat.
This issue was discovered by Florian Weimer and Stephen Gallagher of Red Hat.
This issue was discovered by Tomáš Nováčik of the Red Hat MRG Quality Engineering team.
Red Hat would like to thank Jon Passki of Coverity SRL for reporting this issue.
Red Hat would like to thank Jon Passki of Coverity SRL for reporting this issue.
Red Hat would like to thank the X.Org security team for reporting this issue.
Red Hat would like to thank Grégory DRAPERI for reporting this issue.
The CVE-2013-6468 issue was discovered by Marc Schoenefeld of the Red Hat Security Response Team. Red Hat would like to thank Grégory Draperi for independently reporting this issue.
These issues were discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Jaime Breva Ribes as the original reporter of this issue.
Red Hat would like to thank the Pidgin project for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Jacob Appelbaum of the Tor Project as the original reporter of this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Daniel Atallah as the original reporter of this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen as the original reporters of this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Fabian Yamaguchi and Christian Wressnegger of the University of Goettingen as the original reporters of this issue.
Red Hat would like to thank the Pidgin project for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Matt Jones of Volvent as the original reporter of this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Yves Younan and Ryan Pentney of Sourcefire VRT as the original reporters of this issue.
Red Hat would like to thank Teguh P. Alko for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Yves Younan and Pawel Janic of Sourcefire VRT as the original reporters of this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Yves Younan of Sourcefire VRT as the original reporter of this issue.
This issue was discovered by Michael Scherer of the Red Hat Regional IT team.
This issue was discovered by David Jorm of Red Hat Product Security.
This issue was discovered by Jan Pokorny of Red Hat.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Vincent Lefevre as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Sijie Xia as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Fabián Cuchietti and Ateeq ur Rehman Khan as the original reporters.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Jan Beulich as the original reporter.
Red Hat would like to thank Raphael Geissert for reporting these issues during a review for EDF.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank the OpenStack project for reporting this issue. The OpenStack project acknowledges Loganathan Parthipan as the original reporter.
Red Hat would like to thank M.Schwarz of resellerdesktop.de for reporting this issue.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
Red Hat would like to thank Hannes Frederic Sowa for reporting this issue.
This issue was discovered by Marian Krcmarik of Red Hat.
Red Hat would like to thank George Hedfors of Cybercom Sweden East AB for reporting this issue.
Red Hat would like to thank Ben Reser of the Apache Subversion project for reporting this issue. Upstream acknowledges Daniel Shahaf of Apache Infrastructure as the original issue reporter.
This issue was discovered by Garth Mollett of the Red Hat Security Response Team.
This issue was discovered by David Jorm of the Red Hat Security Response Team.
This issue was discovered by David Jorm of the Red Hat Security Response Team.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team.
Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Samuel Merritt of SwiftStack as the original reporter.
This issue was discovered by Lukas Zapletal of Red Hat.
This issue was discovered by Arun Babu Neelicattu of the Red Hat Security Response Team.
Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Paras Sethia as the original reporter and Yehezkel Horowitz for discovering the security impact.
Red Hat would like to thank Aris Adamantiadis for reporting this issue.
This issue was discovered by Stuart Douglas of Red Hat.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Daniel Atallah as the original reporter of this issue.
This issue was discovered by Miroslav Lichvar of Red Hat.
This issue was discovered by Hui Wang and Lingyan Zhuang of Red Hat.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Eric Blake of the Red Hat libvirt team.
This issue was discovered by Hui Wang and Yu Zheng of Red Hat.
Red Hat would like to thank Michael Samuel of Amcom for reporting this issue.
Red Hat would like to thank Robert Scheck of ETES GmbH for reporting this issue.
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.
This issue was discovered by Grant Murphy of the Red Hat Product Security Team.
Red Hat would like to thank Lars Bull of Google for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Aaron Rosen from VMware as the original reporter.
This issue was discovered by Jan Rusnacko of the Red Hat Product Security Team.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andres Freund as the original reporter.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Robert Haas and Andres Freund as the original reporters.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Heikki Linnakangas and Noah Misch as the original reporters.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Peter Eisentraut and Jozef Mlich as the original reporters.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Honza Horak and Bruce Momjian as the original reporters.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Noah Misch as the original reporter.
Red Hat would like to thank Al Viro for reporting this issue.
This issue was discovered by David Jorm of Red Hat Product Security.
This issue was discovered by Michael S. Tsirkin of Red Hat.
This issue was discovered by Jan Rusnacko of the Red Hat Product Security Team.
Red Hat would like to thank Robert Scheck of ETES GmbH for reporting this issue.
Red Hat would like to thank the Ruby on Rails Project for reporting this issue. Upstream acknowledges Godfrey Chan as the original reporter.
Red Hat would like to thank the Ruby on Rails Project for reporting this issue. Upstream acknowledges Kevin Reintjes as the original reporter.
Red Hat would like to thank the Ruby on Rails Project for reporting this issue. Upstream acknowledges Toby Hsieh of SlideShare as the original reporter.
Red Hat would like to thank Pierre Carrier of airbnb for reporting this issue.
This issue was discovered by Andy Grimm of Red Hat.
This issue was discovered by Graeme Colman of Red Hat.
This issue was discovered by Jeremy Choi and Keqin Hong of the Red Hat HSS Pen-Test Team.
This issue was discovered by Jeremy Choi and Keqin Hong of the Red Hat HSS Pen-Test Team.
This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.
This issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team.
This issue was discovered by Nikolay Aleksandrov of Red Hat.
Red Hat would like to thank Nokia Siemens Networks for reporting this issue.
Red Hat would like to thank Michael Samuel for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Kieran Spear from the University of Melbourne as the original reporter.
Red Hat would like to thank Todd C. Miller for reporting this issue. Upstream acknowledges Sebastien Macke as the original reporter.
This issue was discovered by David Jorm of the Red Hat Security Response Team.
This issue was discovered by David Jorm of the Red Hat Security Response Team.
Red Hat would like to thank the Squid project for reporting this issue. Upstream acknowledges Mathias Fischer and Fabian Hugelshofer from Open Systems AG as the original reporters.
This issue was discovered by Michael S. Tsirkin of Red Hat.
Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Stanislaw Pitucha from Hewlett Packard as the original reporter.
This issue was discovered by Jan Rusnacko of Red Hat Product Security.
This issue was discovered by Jan Rusnacko of the Red Hat Product Security Team.
Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Steve Holme as the original reporter.
Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Richard Moore from Westpoint Ltd. as the original reporter.
This issue was discovered by Jan Rusnacko of Red Hat Product Security.
These issues were discovered by Kevin Wolf of Red Hat Inc.
These issues were discovered by Kevin Wolf and Stefan Hajnoczi of Red Hat Inc.
These issues were discovered by Fam Zheng, Jeff Cody, Kevin Wolf and Stefan Hajnoczi of Red Hat Inc.
These issues were discovered by Stefan Hajnoczi of Red Hat Inc.
This issue was discovered by Kevin Wolf of Red Hat Inc.
These issues were discovered by Kevin Wolf of Red Hat Inc.
This issue was discovered by Jeff Cody of Red Hat Inc.
This issue was discovered by Michael S. Tsirkin of Red Hat.
This issue was discovered by Red Hat.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Cristian Fiorentino from Intel as the original reporter.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Neel Mehta of Google Security as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Paul McMillan (Nebula) as the original reporter.
This issue was discovered by Jeremy Choi of the Red Hat Quality Engineering Group.
Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Marc Heckmann of Ubisoft as the original reporter.
This issue was discovered by Ondrej Lukas of the Red Hat JBoss EAP Quality Engineering team.
This issue was discovered by David Jorm of Red Hat Product Security.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
This issue was discovered by Stanislav Graf of Red Hat.
This issue was discovered by Martin Povolny of Red Hat.
Red Hat would like to thank the Samba project for reporting this issue. The Samba project acknowledges Christof Schmitt as the original reporter.
Red Hat would like to thank the upstream Libvirt project for reporting this issue. Upstream acknowledges Daniel P. Berrange and Richard Jones as the original reporters.
This issue was discovered by Jan Rusnacko of the Red Hat Product Security Team.
Red Hat would like to thank Andy Lutomirski for reporting this issue.
The issues were discovered as part of the state loading code audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori and Michael Roth.
This issue was discovered by Jan Hutar of Red Hat.
Red Hat would like to thank Christian Hoffmann for reporting this issue.
Red Hat would like to thank Sal Castiglione for reporting this issue.
This issue was discovered by Daniel P. Berrange of Red Hat.
Red Hat would like to thank James Roper of Typesafe for reporting this issue.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Jüri Aedla as the original reporter of this issue.
This issue was discovered by Red Hat.
This issue was discovered by Red Hat.
This issue was discovered by Red Hat.
This issue was discovered by Red Hat.
Red Hat would like to thank Vladimir Davydov of Parallels for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Michael Stancampiano of IBM as the original reporter.
The security impact of this issue was discovered by Mateusz Guzik of Red Hat.
This issue was discovered by Mateusz Guzik of Red Hat.
This issue was discovered by Francisco Alonso of Red Hat Product Security.
This issue was discovered by Jan Hutař of Red Hat.
Red Hat would like to thank the X.org project for reporting this issue. Upstream acknowledges Ilja van Sprundel as the original reporter of this issue.
Red Hat would like to thank the X.org project for reporting this issue. Upstream acknowledges Ilja van Sprundel as the original reporter of this issue.
Red Hat would like to thank the X.org project for reporting this issue. Upstream acknowledges Ilja van Sprundel as the original reporter of this issue.
This issue was discovered by Frantisek Reznicek of Red Hat.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Imre Rad of Search-Lab as the original reporter of this issue.
Red Hat would like to thank NSA for reporting this issue.
Red Hat would like to thank NSA for reporting this issue.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges KIKUCHI Masashi of Lepidum as the original reporter of this issue.
This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team.
This issue was discovered by Kurt Seifried of the Red Hat Security Response Team.
This issue was discovered by Francisco Alonso of the Red Hat Security Response Team.
This issue was discovered by Francisco Alonso of Red Hat Product Security.
This issue was discovered by Francisco Alonso of Red Hat Product Security.
Red Hat would like to thank Graham Dumpleton for reporting this issue. Upstream acknowledges Róbert Kisteleki as the original reporter.
Red Hat would like to thank Graham Dumpleton for reporting this issue. Upstream acknowledges Buck Golemon as the original issue reporter.
Red Hat would like to thank LSE Leading Security Experts GmbH for reporting this issue.
Red Hat would like to thank Daniel Berteaud of FIREWALL-SERVICES SARL for reporting this issue.
Red Hat would like to thank Dolev Farhi of F5 Networks for reporting this issue.
This issue was discovered by Marek Schmidt of Red Hat.
This issue was discovered by Arpit Tolani of Red Hat, with the security implications raised by Stephen Gallagher of Red Hat.
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges Benjamin Bach as the original reporter.
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges Paul McMillan as the original reporter.
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges the Ruby on Rails team, and specifically Michael Koziarski, as the original reporters.
Red Hat would like to thank Stephane Chazelas for reporting this issue.
Red Hat would like to thank Thomas Stangner for reporting this issue.
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges Florian Apolloner as the original reporter.
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges David Wilson as the original reporter.
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges David Greisen as the original reporter.
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges Collin Anderson as the original reporter.
Red Hat would like to thank Nikolaus Rath for reporting this issue.
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges Michael Nelson, Natalia Bidart, and James Westby as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, and Sotaro Ikeda as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong, Christian Holler, Jesse Ruderman, Carsten Book, Andrew Sutherland, Byron Campen, Nicholas Nethercote, Paul Adenot, David Baron, Julian Seward, and Dan Gohman as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordi Chancel as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Fredrik "Flonka" Lönnqvist as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jordan Milne as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Frederik Braun as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Arthur Gerkis as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Masato Kinugawa as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Soeren Balko as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Yazan Tommalieh as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brian Smith as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Karthikeyan Bhargavan as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Benoit Jacob, Olli Pettay, Jan Varga, Jan de Mooij, Jesse Ruderman, Dan Gohman, and Christoph Diehl as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gregor Wagner, Olli Pettay, Gary Kwong, Jesse Ruderman, Luke Wagner, Rob Fletcher, and Makoto Kato as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Ash as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Keeler as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Ehsan Akhgari as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tim Philipp Schäfers and Sebastian Neef as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jeff Gilbert as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nicolas Golubovic as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Robert O'Callahan as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges John Thomson as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security research firm VUPEN as the original reporter of this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jüri Aedla as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges George Hotz as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, and Christian Holler as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Security researcher Ash as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jukka Jylänki as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges moz_bug_r_a4 as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber of the BlackBerry Security Automated Analysis Team as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong, Christoph Diehl, Christian Holler, Hannes Verschore, Jan de Mooij, Ryan VanderMeulen, Jeff Walden, and Kyle Huey as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong, Jesse Ruderman, Christian Holler, Gregor Wagner, Benoit Jacob, Karl Tomlinson, and Jeff Walden as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Nils as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Tyson Smith and Jesse Schwartzentruber as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, David Keeler and Byron Campen as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Gary Kwong, Jesse Ruderman, Andrew McCreight, Alon Zakai, Bobby Holley, Jonathan Watt, Shu-yu Guo, Steve Fink, and Terrence Cole as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Jan de Mooij, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang, Gary Kwong, Christian Holler, and David Weir as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Jan de Mooij, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, JW Wang, Gary Kwong, Christian Holler, and David Weir as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jethro Beekman as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Patrick Cozzi as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mozilla community member John as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges David Chan and Gijs Kruitbosch as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Jan de Mooij as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michal Zalewski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Antoine Delignat-Lavaud and Intel Product Security Incident Response Team as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley, Christian Holler, David Bolter, Byron Campen, and Jon Coppeard as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Carsten Book, Christian Holler, Martijn Wargers, Shih-Chiang Chien, Terrence Cole, Eric Rahm, and Jeff Walden as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michal Zalewski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges regenrecht as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Patrick McManus and David Keeler as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Patrick McManus and David Keeler as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Eric Shepherd and Jan-Ivar Bruaroey as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Eric Shepherd and Jan-Ivar Bruaroey as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Gary Kwong, Randell Jesup, Nils Ohlmeier, Jesse Ruderman, and Max Jonas Werner as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Gary Kwong, Jon Coppeard, Eric Rahm, Byron Campen, Eric Rescorla, and Xidorn Quan as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Cody Crews as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Joe Vennix as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Muneaki Nishimura as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Berend-Jan Wever as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Boris Zbarsky as the original reporter.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Daniel Borkmann of Red Hat Inc.
Red Hat would like to thank Matthew Daley for reporting these issues.
Red Hat would like to thank Matthew Daley for reporting these issues.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Fabián Cuchietti and Ateeq ur Rehman Khan as the original reporters.
Red Hat would like to thank the strongSwan project for reporting this issue.
This issue was discovered by the Red Hat Security Response Team.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Ivan Fratric of the Google Security Team as the original reporter.
This issue was discovered by Jaroslav Henner of Red Hat.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Török Edwin for discovering this bug.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Heikki Linnakangas and Noah Misch as the original reporters.
Red Hat would like to thank the CERT Coordination Center (CERT/CC) for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Kees Cook of Google for reporting this issue. Google acknowledges Pinkie Pie as the original reporter.
Red Hat would like to thank Puppet Labs for reporting this issue. Upstream acknowledges Dennis Rowe (shr3kst3r) as the original reporter.
Red Hat would like to thank Puppet Labs for reporting this issue.
This issue was discovered as part of the state loading QEMU audit performed by Michael S. Tsirkin of Red Hat, Anthony Liguori, and Michael Roth.
This issue was discovered by Tomas Kyjovsky of the Red Hat Quality Engineering Team.
Red Hat would like to thank GnuTLS upstream for reporting this issue.
Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Joonas Kuorilehto of Codenomicon as the original reporter.
Red Hat would like to thank GnuTLS upstream for reporting this issue.
Red Hat would like to thank GnuTLS upstream for reporting this issue.
Red Hat would like to thank GnuTLS upstream for reporting this issue.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Felix Gröbert and Ivan Fratrić of Google as the original reporters of this issue.
Red Hat would like to thank CA Technologies for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Jason Hullinger from Hewlett Packard as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Craig Lorentzen from Cisco as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Michael Xin from Rackspace as the original reporter.
This issue was discovered by Steven Hardy of Red Hat.
Red Hat would like to thank D-Bus upstream for reporting this issue. Upstream acknowledges Alban Crequy of Collabora Ltd. as the original reporter.
This issue was discovered by Francisco Alonso of Red Hat Product Security.
This issue was discovered by Francisco Alonso of Red Hat Product Security.
This issue was discovered by Francisco Alonso of Red Hat Product Security.
This issue was discovered by the Red Hat JBoss Enterprise Application Platform QE team.
Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Sean Griffin of thoughtbot as the original reporter.
Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Sean Griffin of thoughtbot as the original reporter.
This issue was discovered by David Jorm of Red Hat Product Security.
This issue was discovered by Kurt Seifried of Red Hat Product Security.
This issue was discovered by Francisco Alonso of Red Hat Product Security.
Red Hat would like to thank Laurentiu Luca for reporting this issue.
This issue was discovered by David Jorm of Red Hat Product Security.
This issue was discovered by Dominic Cleal of Red Hat.
Red Hat would like to thank the Samba project for reporting this issue. The Samba project acknowledges Simon Arlott as the original reporter.
This issue was discovered by Eric Christensen of Red Hat Product Security.
This issue was discovered by Jeremy Choi of the Red Hat HSS Pen-test Team.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges the Globo.com Security Team as the original reporter.
Red Hat would like to thank Jon Stanley for reporting this issue.
Red Hat would like to thank the Subversion project for reporting this issue. Upstream acknowledges Ben Reser of WANdisco as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Alex Gaynor from Rackspace as the original reporter.
Red Hat would like to thank Harun ESUR of Sceptive for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Jamie Lennox from Red Hat as the original reporter.
This issue was discovered by Radek Steiger of Red Hat.
Red Hat would like to thank the Subversion project for reporting this issue. Upstream acknowledges Ben Reser of WANdisco as the original reporter.
Red Hat would like to thank Alexander Papadakis for reporting this issue.
Red Hat would like to thank D-Bus upstream for reporting this issue. Upstream acknowledges Alban Crequy of Collabora Ltd. as the original reporter.
Red Hat would like to thank D-Bus upstream for reporting this issue.
Red Hat would like to thank Martin Schwidefsky of IBM for reporting this issue.
This issue was discovered by Francisco Alonso of the Red Hat Security Response Team.
This issue was discovered by Jan Kaluža of the Red Hat Web Stack Team.
Red Hat would like to thank Andrew Ayer for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Liping Mao from Cisco as the original reporter.
This issue was discovered by Idan Shaby and Allon Mureinik of Red Hat.
This issue was discovered by David Jorm of Red Hat Product Security.
This issue was discovered by Ludwig Krispenz of Red Hat.
Red Hat would like to thank Tomáš Trnka for reporting this issue.
This issue was discovered by Arun Babu Neelicattu of Red Hat Product Security.
Red Hat would like to thank Andrew Drake of Dropbox for reporting this issue.
This issue was discovered by Jan Hutař of Red Hat.
This issue was discovered by Jan Pokorný of Red Hat.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Dennis Felsch and Mario Heiderich from the Horst Görtz Institute for IT-Security, Ruhr-University Bochum as the original reporters.
Red Hat would like to thank Ron Bowes of Google for reporting this issue.
This issue was discovered by David Jorm and Arun Neelicattu of Red Hat Product Security.
This issue was discovered by David Kutálek of Red Hat BaseOS QE.
Red Hat would like to thank Andrew Drake of Dropbox for reporting this issue.
Red Hat would like to thank Georgi Geshev of MWR Labs for reporting this issue.
Red Hat would like to thank Jack Morgenstein of Mellanox for reporting this issue; the security impact of this issue was discovered by Michael Tsirkin of Red Hat.
This issue was discovered by Arun Babu Neelicattu of Red Hat Product Security.
This issue was discovered by Francisco Alonso of Red Hat Product Security.
This issue was discovered by Garth Mollett of Red Hat Product Security.
Red Hat would like to thank the Squid project for reporting this issue. Upstream acknowledges Matthew Daley as the original reporter.
Red Hat would like to thank Lars Bull of Google and Nadav Amit for reporting this issue.
Red Hat would like to thank Lars Bull of Google for reporting this issue.
Red Hat would like to thank the cURL project for reporting these issues. Upstream acknowledges Tim Ruehsen as the original reporter.
This issue was discovered by Laszlo Ersek of Red Hat.
Red Hat would like to thank the cURL project for reporting these issues. Upstream acknowledges Tim Ruehsen as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Brant Knudson from IBM as the original reporter.
Red Hat would like to thank Frey Alfredsson for reporting this issue.
This issue was discovered by Luyao Huang of Red Hat.
Red Hat would like to thank Rainer Gerhards of rsyslog upstream for reporting this issue.
Red Hat would like to thank D-Bus upstream for reporting this issue. Upstream acknowledges Simon McVittie as the original reporter.
Red Hat would like to thank D-Bus upstream for reporting this issue. Upstream acknowledges Alban Crequy as the original reporter.
Red Hat would like to thank D-Bus upstream for reporting this issue. Upstream acknowledges Alban Crequy as the original reporter.
Red Hat would like to thank D-Bus upstream for reporting this issue. Upstream acknowledges Alban Crequy as the original reporter.
Red Hat would like to thank D-Bus upstream for reporting this issue. Upstream acknowledges Alban Crequy as the original reporter.
Red Hat would like to thank Xavier Mehrenberger and Stephane Duverger of Airbus for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Duncan Thomas from Hewlett Packard as the original reporter.
This issue was discovered by Jan Rusnacko of Red Hat Product Security.
Red Hat would like to thank the Advanced Threat Research team at Intel Security for reporting this issue.
Red Hat would like to thank the Advanced Threat Research team at Intel Security for reporting this issue.
Red Hat would like to thank Nadav Amit for reporting this issue.
This issue was discovered by Jan Rusnacko and Trevor Jay of Red Hat Product Security.
This issue was discovered by Florian Weimer of Red Hat Product Security.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat would like to thank Ron Bowes of Google for reporting this issue.
This issue was discovered by Florian Weimer of Red Hat Product Security.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Daniel Beck as the original reporter.
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Daniel Beck as the original reporter.
Red Hat would like to thank the Jenkins project for reporting these issues. Upstream acknowledges Daniel Beck as the original reporter.
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Jesse Glick as the original reporter.
Red Hat would like to thank the Jenkins project for reporting this issue.
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Stephen Connolly as the original reporter.
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Jesse Glick as the original reporter.
This issue was discovered by Liu Wei of Red Hat.
Red Hat would like to thank the SUSE Security Team for reporting this issue.
Red Hat would like to thank the SUSE Security Team for reporting this issue.
Red Hat would like to thank the SUSE Security Team for reporting this issue.
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Wilder Rodrigues as the original reporter.
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Wilder Rodrigues as the original reporter.
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Matthias Schmalz as the original reporter.
Red Hat would like to thank the Jenkins project for reporting this issue. Upstream acknowledges Seth Graham as the original reporter.
Red Hat would like to thank the rsyslog upstream for reporting this issue. Upstream acknowledges mancha as the original reporter.
Red Hat would like to thank Jouni Malinen for reporting this issue.
Red Hat would like to thank the Advanced Threat Research team at Intel Security for reporting this issue.
Red Hat would like to thank Andy Lutomirski for reporting this issue.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges an anonymous person and Jacob Appelbaum of the Tor Project as the original reporters, with thanks to Moxie Marlinspike for first publishing about this type of vulnerability.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Yves Younan and Richard Johnson of Cisco Talos as the original reporters.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Yves Younan and Richard Johnson of Cisco Talos as the original reporters.
Red Hat would like to thank the Pidgin project for reporting this issue. Upstream acknowledges Thijs Alkemade and Paul Aurich as the original reporters.
This issue was discovered by Yair Fried of Red Hat.
Red Hat would like to thank the cURL project for reporting this issue. Upstream acknowledges Symeon Paraschoudis as the original reporter.
Red Hat would like to thank the OpenStack Project for reporting this issue. The OpenStack Project acknowledges Mohammed Naser from Vexxhost as the original reporter.
This issue was discovered by Florian Weimer of Red Hat Product Security.
This issue was discovered by Francisco Alonso of Red Hat Product Security.
This issue was discovered by Jan Rusnacko of Red Hat Product Security.
Red Hat would like to thank the upstream Django project for reporting this issue. Upstream acknowledges Peter Kuma and Gavin Wahl as the original reporters.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Jan Beulich as the original reporter.
Red Hat would like to thank David Reid, Alex Gaynor, and Glyph Lefkowitz from Rackspace for reporting this issue.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat would like to thank Ricardo Signes for reporting this issue. Upstream acknowledges Markus Vervier of LSE Leading Security Experts as the original reporter.
Red Hat would like to thank Don A. Bailey from Lab Mouse Security for reporting this issue.
Red Hat would like to thank Don A. Bailey from Lab Mouse Security for reporting this issue.
Red Hat would like to thank Gopal Reddy Kodudula of Nokia Siemens Networks for reporting this issue.
Red Hat would like to thank Andy Lutomirski for reporting this issue.
Red Hat would like to thank the GNU Wget project for reporting this issue. Upstream acknowledges HD Moore of Rapid7, Inc as the original reporter.
Red Hat would like to thank Sasha Levin for reporting this issue.
Red Hat would like to thank Vasily Averin of Parallels for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the upstream Libvirt project for reporting this issue. Upstream acknowledges Daniel P. Berrange and Richard Jones as the original reporters.
Red Hat would like to thank Mischa Salle and Wilco Baan Hofman of Nikhef for reporting this issue.
Red Hat would like to thank Mischa Salle and Wilco Baan Hofman of Nikhef for reporting this issue.
Red Hat would like to thank Michael S. Tsirkin for reporting this issue.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Nicolas RUFF as the original reporter.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Nicolas RUFF as the original reporter.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Nicolas RUFF as the original reporter.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Nicolas RUFF as the original reporter.
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Nicolas RUFF as the original reporter.
Red Hat would like to thank Xen for reporting this issue. Xen acknowledges Vitaly Kuznetsov from Red Hat as the original reporter of this issue and David Vrabel of Citrix as the one who diagnosed this issue as having security repercussions.
Red Hat would like to thank Stephane Chazelas for reporting this issue.
Red Hat would like to thank the Docker project for reporting these issues. Upstream acknowledges Florian Weimer of Red Hat Product Security and independent researcher Tõnis Tiigi as the original reporters.
Red Hat would like to thank the Docker project for reporting this issue.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat would like to thank Xen for reporting this issue.
Red Hat would like to thank Xen for reporting this issue.
Red Hat would like to thank Xen for reporting this issue.
This issue was discovered by Florian Weimer of Red Hat Product Security.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat would like to thank Xen for reporting this issue.
This issue was discovered by Aaron Patterson of the Red Hat CloudForms Team.
Red Hat would like to thank James Spadaro of Cisco for reporting this issue.
Red Hat would like to thank Roberto Soares of Conviso Application Security for reporting this issue.
This issue was discovered by Tim Waugh of the Red Hat Developer Experience Team.
Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Eaden McKee, Dennis Hackethal & Christian Hansen of Crowdcurity, Juan C. Müller & Mike McClurg of Greenhouse.io, and Alex Ianus of Coinbase as the independent, original reporters.
Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Eaden McKee, Dennis Hackethal & Christian Hansen of Crowdcurity, Juan C. Müller & Mike McClurg of Greenhouse.io, and Alex Ianus of Coinbase as the independent, original reporters.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Henry Yamauchi, Charles Neill and Michael Xin (Rackspace) as the original reporters.
This issue was discovered by Eric Blake of Red Hat.
Red Hat would like to thank Robert Święcki for reporting these issues.
Red Hat would like to thank Robert Święcki for reporting these issues.
Red Hat would like to thank FreeIPA upstream for reporting this issue.
Red Hat would like to thank the Ruby on Rails project for reporting this issue. Upstream acknowledges Behrouz Sadeghipour, Patrick Toomey of GitHub, and Remon Oldenbeuving of hackerone as the original, independent reporters.
This issue was discovered by Michael S. Tsirkin of Red Hat.
This issue was discovered by Liu Wei of Red Hat.
Red Hat would like to thank Nadav Amit for reporting this issue.
This issue was discovered by Miloš Prchlík of Red Hat.
This issue was discovered by Red Hat Product Security.
Red Hat would like to thank the OpenVPN project for reporting this issue. Upstream acknowledges Dragana Damjanovic as the original reporter.
This issue was found by Paolo Bonzini of Red Hat.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat would like to thank Fabian Keil for reporting this issue.
Red Hat would like to thank Andy Lutomirski for reporting this issue.
Red Hat would like to thank Nadav Amit and Andy Lutomirski for reporting this issue.
Red Hat would like to thank Nadav Amit and Andy Lutomirski for reporting this issue.
Red Hat would like to thank GnuTLS upstream for reporting this issue. Upstream acknowledges Sean Burford as the original reporter.
Red Hat would like to thank the mod_auth_mellon team for reporting this issue. Upstream acknowledges Matthew Slowe as the original reporter.
Red Hat would like to thank the mod_auth_mellon team for reporting this issue.
Red Hat would like to thank Xen for reporting this issue.
Red Hat would like to thank Xen for reporting this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley as the original reporter.
Red Hat would like to thank Xen for reporting this issue.
Red Hat would like to thank Xen for reporting this issue.
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank Mahmoud Al-Qudsi of NeoSmart Technologies for reporting this issue.
Red Hat would like to thank Docker Inc. for reporting this issue.
Red Hat would like to thank Docker Inc. for reporting this issue.
Red Hat would like to thank Docker Inc. for reporting this issue.
Red Hat would like to thank the OpenStack Project for reporting this issue. Upstream acknowledges Eric Peterson from Time Warner Cable as the original reporter.
Red Hat would like to thank Andy Lutomirski for reporting this issue.
Red Hat would like to thank Andy Lutomirski for reporting this issue.
Red Hat would like to thank the Subversion project for reporting this issue. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter.
Red Hat would like to thank the Subversion project for reporting this issue. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter.
Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting these issues.
Red Hat would like to thank Thomas Jarosch of Intra2net AG for reporting this issue.
This issue was discovered by Elliott Baron of Red Hat.
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter.
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter.
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Michele Spagnuolo of the Google Security Team as the original reporter.
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Michele Spagnuolo of the Google Security Team as the original reporter.
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Michele Spagnuolo of the Google Security Team as the original reporter.
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Michele Spagnuolo of the Google Security Team as the original reporter.
Red Hat would like to thank Mr Carl Henrik Lunde for reporting this issue.
Red Hat would like to thank Nick Mathewson of Libevent upstream for reporting this issue. Upstream acknowledges Andrew Bartlett of Catalyst as the original reporter.
Red Hat would like to thank Robert Scheck of the Fedora Project for reporting this issue.
Red Hat would like to thank the strongSwan developers for reporting this issue. Upstream acknowledges Mike Daskalakis as the original reporter.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the curl project for reporting this issue. The curl project acknowledges Andrey Labunets of Facebook as the original reporter.
Red Hat would like to thank the curl project for reporting this issue. Upstream acknowledges Marc Hesse of RethinkDB as the original reporter.
This issue was discovered by the Red Hat CloudForms Team.
Red Hat would like to thank Carl Henrik Lunde for reporting this issue.
Red Hat would like to thank Mickaël Gallier for reporting this issue.
Red Hat would like to thank Mickaël Gallier for reporting this issue.
This issue was discovered by David Jorm of Red Hat Product Security.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Red Hat would like to thank the Apache Software Foundation for reporting this issue. Upstream acknowledges G. Geshev from MWR Labs as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler and Patrick McManus as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Xiaofeng Zheng as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Muneaki Nishimura as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mitchell Harper as the original reporter.
Red Hat would like to thank the upstream Django project for reporting this issue.
Red Hat would like to thank the upstream Django project for reporting this issue.
Red Hat would like to thank the upstream Django project for reporting this issue.
Red Hat would like to thank the upstream Django project for reporting this issue.
This issue was discovered by the Red Hat CloudForms Team.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Bobby Holley as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Holger Fuhrmannek as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Michal Zalewski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christoph Diehl, Christian Holler, Gary Kwong, Jesse Ruderman, Byron Campen, Terrence Cole, and Nils Ohlmeier as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Brian Smith as the original reporter.
This issue was discovered by Kurt Seifried of Red Hat Product Security.
This issue was discovered by Kurt Seifried of Red Hat Product Security.
This issue was discovered by Carsten Clasohm of Red Hat.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Jin Liu of EMC as the original reporter.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Tushar Patil of NTT as the original reporter.
This issue was discovered by Red Hat.
Red Hat would like to thank the Samba Team for reporting this issue. Upstream acknowledges Andrew Bartlett of Catalyst IT as the original reporter.
Red Hat would like to thank Marcos for reporting this issue.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges pyddeh as the original reporter.
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges pyddeh as the original reporter.
Red Hat would like to thank Yann Rouillard for reporting this issue.
Red Hat would like to thank Yann Rouillard for reporting this issue.
This issue was found by Luyao Huang of Red Hat.
Red Hat would like to thank Qualys for reporting this issue.
Red Hat would like to thank Nadav Amit for reporting this issue.
Red Hat would like to thank Akira Fujita of NEC for reporting this issue.
Red Hat would like to thank the MIT Kerberos project for reporting this issue. The MIT Kerberos project acknowledges Nico Williams for helping with analysis of CVE-2014-5352.
Red Hat would like to thank the MIT Kerberos project for reporting this issue.
Red Hat would like to thank the MIT Kerberos project for reporting this issue.
Red Hat would like to thank the MIT Kerberos project for reporting this issue.
This issue was found by Marcelo Ricardo Leitner of Red Hat.
This issue was discovered by Jan Rusnacko of the Red Hat Product Security Team.
Red Hat would like to thank Red Hat Enterprise Virtualization Engineering for reporting this issue.
This issue was discovered by Yedidyah Bar David of the Red Hat Enterprise Virtualization team.
Red Hat would like to thank oCERT for reporting these issues. oCERT acknowledges Jose Duart of the Google Security Team as the original reporter.
Red Hat would like to thank Georgi Geshev of MWR Labs for reporting this issue.
Red Hat would like to thank Georgi Geshev of MWR Labs for reporting this issue.
This issue was discovered by Zbyněk Roubalík of Red Hat.
This issue was discovered by Arun Babu Neelicattu of the Red Hat Security Response Team.
This issue was discovered by Dhiru Kholia of Red Hat Product Security.
Red Hat would like to thank Rune Steinseth of JProfessionals for reporting this issue.
This issue was discovered by Darran Lofthouse of the Red Hat JBoss Enterprise Application Platform Team.
This issue was discovered by Ondra Lukas of the Red Hat Quality Engineering Team.
This issue was discovered by Darran Lofthouse of the Red Hat JBoss Enterprise Application Platform Team.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Emil Lenngren as the original reporter.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Andres Freund, Peter Geoghegan, Bernd Helmle, and Noah Misch as the original reporters.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Marko Tiikkaja as the original reporter.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Bruce Momjian as the original reporter.
Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Stephen Frost as the original reporter.
This issue was discovered by Olivier Fourdan of Red Hat.
Red Hat would like to thank William Robinet for reporting this issue.
This issue was discovered by David Jorm of Red Hat Product Security.
Red Hat would like to thank David Jorm for reporting this issue.
Red Hat would like to thank David Jorm for reporting this issue.
Red Hat would like to thank Intel for reporting these issues. Upstream acknowledges Rafal Wojtczuk, Bromium and Corey Kallenberg, MITRE, as the original reporters.
Red Hat would like to thank ISC for reporting this issue.
This issue was found by Xiong Zhou of Red Hat.
Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Richard van Eeden of Microsoft Vulnerability Research as the original reporter of this issue.
This issue was discovered by Robin Hack of Red Hat.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Liz Henry, Byron Campen, Tom Schuster, and Ryan VanderMeulen as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Gary Kwong, Jesse Ruderman, Byron Campen, Randell Jesup, Robin Whittleton, Jon Coppeard, and Nikhil Marathe as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Daniele Di Proietto as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Paul Bandha as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Razmdjou as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Muneaki Nishimura as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Alexander Kolesnik as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Atte Kettunen as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Pantrombka as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Abhishek Arya as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Matthew Noorenberghe as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Armin Razmdjou as the original reporter.
This issue was discovered by Sun Baoliang of Red Hat.
Red Hat would like to thank Qinghao Tang of Qihoo 360 Technology for reporting this issue.
Red Hat would like to thank the Georgia Institute of Technology for reporting this issue.
Red Hat would like to thank Eric Windisch of the Docker project for reporting this issue.
This issue was discovered by Ludwig Krispenz of the Red Hat Identity Management Engineering Team.
This issue was discovered by Petr Špaček of the Red Hat Identity Management Engineering Team.
Red Hat would like to thank Sara Perez Merino of SensePost for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
Red Hat would like to thank the Xen project for reporting this issue.
This issue was discovered by Rob Crittenden of Red Hat.
This issue was discovered by Marcel Kolaja of Red Hat.
Red Hat would like to thank Mellanox for reporting this issue.
Red Hat would like to thank the upstream Django project for reporting this issue.
Red Hat would like to thank the OpenStack project for reporting this issue. Upstream acknowledges Brian Manifold of Cisco, and Paul McMillan of Nebula as the original reporters.
This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.
This issue was discovered by Florian Weimer of Red Hat Product Security.
This issue was discovered by Juraj Marko of the Red Hat QE Team.
This issue was discovered by Michael Scherer of Red Hat.
This issue was discovered by Andrew Griffiths of Red Hat Product Security.
This issue was discovered by Kurt Seifried of Red Hat Product Security.
This issue was discovered by Kurt Seifried of Red Hat Product Security.
This issue was discovered by Andrew Griffiths of Red Hat Product Security.
Red Hat would like to thank the upstream Django project for reporting this issue.
Red Hat would like to thank the upstream Django project for reporting this issue.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Matt Caswell of the OpenSSL development team as the original reporter.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Robert Dugal and David Ramos as the original reporters.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Sean Burford of Google and Emilia Käsper of the OpenSSL development team as the original reporters.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Daniel Danner and Rainer Mueller as the original reporters.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges David Ramos of Stanford University as the original reporter.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Stephen Henson of the OpenSSL development team as the original reporter.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Per Allansson as the original reporter.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Matt Caswell of the OpenSSL development team as the original reporter.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Emilia Käsper as the original reporter.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Stephen Henson of the OpenSSL development team as the original reporter.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Michal Zalewski of Google as the original reporter.
Red Hat would like to thank the OpenSSL project for reporting this issue. Upstream acknowledges Brian Carpenter as the original reporter.
This issue was discovered by David Jorm of Red Hat Product Security.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges ilxu1a as the original reporter.
Red Hat would like to thank David Jorm of IIX Product Security for reporting this issue.
This issue was discovered by Daniel P. Berrange of Red Hat.
Red Hat would like to thank Takeshi Terada of Mitsui Bussan Secure Directions, Inc. for reporting this issue.
This issue was discovered by Nikos Mavrogiannopoulos of the Red Hat Security Technologies Team.
This issue was discovered by Sumit Bose of Red Hat.
This issue was discovered by Sumit Bose of Red Hat.
Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for reporting this issue.
Red Hat would like to thank Eric Windisch of Docker Inc. for reporting this issue.
This issue was discovered by Alexandre Oliva of Red Hat Inc.
This issue was discovered by Hao Liu of Red Hat.
This issue was discovered by Alessandro Vozza of Red Hat.
Red Hat would like to thank the Apache Software Foundation for reporting this issue. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter.
Red Hat would like to thank the Apache Software Foundation for reporting this issue. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter.
Red Hat would like to thank the Apache Software Foundation for reporting this issue. Upstream acknowledges Evgeny Kotkov of VisualSVN as the original reporter.
Red Hat would like to thank Xen for reporting this issue.
Red Hat would like to thank Xen for reporting this issue.
Red Hat would like to thank Xen for reporting this issue.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Olli Pettay and Boris Zbarsky as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christoph Kerschbaumer and Muneaki Nishimura as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Christian Holler, Byron Campen, and Steve Fink as the original reporters.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mariusz Mlynski as the original reporter.
Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Aki Helin as the original reporter.
Not vulnerable. This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 4, 5, and 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not vulnerable. This issue did not affect the versions of php or php53 as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of php54-php as shipped with Red Hat Software Collections 1, as they did not include the vulnerable function (it was introduced in PHP 5.5.0). This issue also did not affect the versions of gd as shipped with Red Hat Enterprise Linux 5 and 6.
Not vulnerable. This issue did not affect the versions of php or php53 as shipped with Red Hat Enterprise Linux 5 and 6, and the versions of php54-php as shipped with Red Hat Software Collections 1, as they did not include the vulnerable function (it was introduced in PHP 5.5.0). This issue also did not affect the versions of gd as shipped with Red Hat Enterprise Linux 5 and 6.
This issue has been addressed in nfs-server packages as shipped in Red Hat Linux since version nfs-server-2.2beta37.
Not vulnerable. This flaw is specific to statd on Solaris, IRIX, Unixware and AIX platforms.
Not vulnerable. This flaw is specific to statd on Solaris platform.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG. The Linux kernel has used securely generated random initial TCP sequence numbers to prevent TCP hijacking attacks since 1996.
Not vulnerable. This flaw is specific to automountd on Solaris platform.
Not vulnerable. This flaw is specific to statd on Solaris platform.
Red Hat Enterprise Linux by default does respond to ICMP echo requests, although it's likely that in a production environment those would be filtered by some firewall on entry to your network. However you can happily block ICMP ping responses using iptables if you so wish, but note that there is no known vulnerability in allowing them.
For more details, please see:
http://kbase.redhat.com/faq/FAQ_43_4304.shtm
Red Hat Enterprise Linux is configured by default to respond to all ICMP requests. Users may configure the firewall to prevent a system from responding to certain ICMP requests.
Red Hat does not consider CVE-1999-0997 to be a security vulnerability. The wu-ftpd process chroots itself into the target ftp directory and will only run external commands as the user logged into the ftp server. Because the process chroots itself, an attacker needs a valid login with write access to the ftp server, and even then they could only potentially execute commands as themselves.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue has been addressed in nfs-utils packages as shipped in Red Hat Linux 6.2 via https://rhn.redhat.com/errata/RHSA-2000-043.html.
This issue is a duplicate of CVE-2000-0666, which has been corrected via RHSA-2000:043.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 2.1 ships with wu-ftp version 2.6.2 which is not vulnerable to this issue.
This issue did NOT affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.
Not vulnerable. This issue did not affect the version of atmel-firmware as shipped with Red Hat Enterprise Linux 6 as it did not implement the SNMP protocol support.
CVE-2001-0935 refers to vulnerabilities found when SUSE did a code audit of the wu-ftpd glob.c file in wu-ftpd 2.6.0. They shared these details with the wu-ftpd upstream authors who clarified that some of the issues did not apply, and all were addressed by the version of glob.c in upstream wu-ftpd 2.6.1. Therefore we believe that the issues labelled as CVE-2001-0935 do not affect wu-ftpd 2.6.1 or later versions and therefore do not affect Red Hat Enterprise Linux 2.1.
This issue affects the version of the openssh as shipped with Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future openssh updates for Red Hat Enterprise Linux 4. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 5 and 6, since it is SSH-1 protocol specific and those versions did not enable SSH-1 protocol support in the default configuration.
Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
This is not a security issue. The mod_usertrack cookies are not designed to be used for authentication.
This is a duplicate CVE name and is a combination of CVE-2003-0020 and CVE-2003-0083.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. This flaw is specific to Apache HTTP server on Windows platforms.
Red Hat does not intend to take any action on this issue. This is the expected behavior of Mailman and is not considered to be a security flaw by upstream. If Mailman upstream addresses this issue in a future update, we may revisit our decision.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat do not consider this to be a security issue and there are many ways that you can identify or fingerprint a Linux machine. Users that wish to block fingerprinting can use various techniques to disguise their operating system, for example see
http://www.infosecwriters.com/text_resources/pdf/nmap.pdf
Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 3 or later.
This issue did not affect the OpenSSL packages as shipped with Red Hat Enterprise Linux 2.1 as they were not compiled with S/Key or BSD_AUTH support. The upstream patch for this issue and CVE-2002-0640 was included in an errata so that users recompiling OpenSSL with support for those authentication methods would also be protected:
https://rhn.redhat.com/errata/RHSA-2002-131.html
Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.
Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.
Not vulnerable. This issue did not affect the versions of SquirrelMail as shipped with Red Hat Enterprise Linux 3 or 4.
Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162899
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue only affects a third-party patch to Cyrus SASL, not distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue did not affect the versions of Mozilla as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue did not affect the versions of Apache HTTP server as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
We do not believe this is a security vulnerability. This is the documented and expected behaviour of rpm.
Not vulnerable. This issue did not affect the RPM packages of OpenOffice as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG.
Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue as they both contain a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue affected Red Hat Enterprise Linux 2.1 and an update was released to correct it:
http://rhn.redhat.com/errata/RHSA-2003-244.html
Red Hat Enterprise Linux 3 contained a backported patch to correct this issue since release. This issue does not affect the versions of Apache in Enterprise Linux 4 or later.
This issue has been addressed in nfs-utils packages as shipped in Red Hat Enterprise Linux 2 via https://rhn.redhat.com/errata/RHSA-2003-207.html.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.
The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.
The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).
For Red Hat Enterprise Linux 2.1 OpenSSL packages (openssl, openssl096, openssl095a) issue was addressed via RHSA-2003:293.
The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 (openssl, openssl096b) contain a backported patch since their initial release.
The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).
Not vulnerable. The OpenSSL packages in Red Hat Enterprise Linux 2.1 were not affected by this issue.
The OpenSSL packages in Red Hat Enterprise Linux 3 and 4 contain a backported patch since their initial release (openssl), or were not affected by this issue (openssl096b).
The OpenSSL packages in Red Hat Enterprise Linux 5 are based on fixed upstream release (openssl), or contain backported patch since their initial release (openssl097a).
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=114923
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue does not affect Red Hat Enterprise Linux 4.
Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Not vulnerable.
This flaw is fixed in Red Hat Enterprise Linux 2.1 via the errata RHSA-2003:280.
This flaw is fixed in Red Hat Enterprise Linux 3 as a backported patch. The source RPM contains the patch openssh-3.6.1p2-owl-realloc.diff which resolved this flaw before Red Hat Enterprise Linux 3 GA.
This flaw does not affect any subsequent versions of Red Hat Enterprise Linux.
Not vulnerable. This issue did not affect the version of openssh as shipped with Red Hat Enterprise Linux 3 as it did not include the upstream PAM password authentication module reimplementation, introduced in OpenSSH 3.7. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, and 6.
Not affected. Red Hat did not ship iptables-devel or anything else that used these vulnerable functions with Red Hat Enterprise Linux 2.1 or 3. Red Hat Enterprise Linux 4 and 5 contained a backported patch to correct this issue.
We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1. The PHP packages in Red Hat Enterprise Linux 3 contain a backported patch to address this issue since release.
The issue was fixed upstream in PHP 4.3.3. The PHP packages in Red Hat Enterprise Linux 4 and 5 are based on fixed upstream versions.
This issue did not affect the versions of Xscreensaver as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue.
This is not a vulnerability. When PHP scripts are interpreted using the dynamically loaded mod_php DSO, the PHP interpreter executes with the privileges of the httpd child process. The PHP interpreter does not "sandbox" PHP scripts from the environment in which they run.
On any modern Unix system a process can easily obtain access to all the parent file descriptors anyway, even if they have been closed.
Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm.
Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. The user must voluntarily interact with the attack mechanism to exploit this flaw, with the result being the ability to run code as themselves.
Red Hat does not consider this to be a security issue. The information returned poses no threat to the target machine running httpd.
Not vulnerable. This issue did not affect the versions of SpamAssassin as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. This issue did not affect Linux.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
The DHS advisory is a good source of background information about the issue: http://www.us-cert.gov/cas/techalerts/TA04-111A.html
It is important to note that the issue described is a known function of TCP. In order to perform a connection reset an attacker would need to know the source and destination IP address and ports as well as being able to guess the sequence number within the window. These requirements seriously reduce the ability to trigger a connection reset on normal TCP connections. The DHS advisory explains that BGP routing is a specific case where being able to trigger a reset is easier than expected as the end points can be easily determined and large window sizes are used. BGP routing is also significantly affected by having its connections terminated. The major BGP peers have recently switched to requiring md5 signatures which mitigates against this attack.
The following article from Linux Weekly News also puts the flaw into context and shows why it does not pose a significant threat:
http://lwn.net/Articles/81560/
Red Hat does not have any plans for action regarding this issue.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. cdrecord is not shipped setuid and does not need to be made setuid with Red Hat Enterprise Linux 2.1, 3, or 4 packages.
Not Vulnerable. This issue only affected Apache 2.0.51, which was not shipped in any version of Red Hat Enterprise Linux.
We do not class this as a security issue; this can only cause a denial of service for the attacker.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140074
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140058
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. cscope packages shipped with Red Hat Enterprise Linux 3, 4, and 5 contain a backported patch since their first release.
This issue will only cause a denial of service on the connection the attacker is using. It therefore is not a security issue.
Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. There are no known uses of this function which could allow a remote attacker to execute arbitrary code.
We do not consider this to be a security issue:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue did not affect the versions of mailman shipped with Red Hat Enterprise Linux 2.1, 3, or 4. In addition, we believe this issue does not apply to the 2.0.x versions of mailman due to setting of STEALTH_MODE
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue was resolved in all affected libtiff versions as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 via a patch for CVE-2004-0886. For updates containing patches for CVE-2004-0886, see: https://rhn.redhat.com/errata/CVE-2004-0886.html
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
Permitting TCP forwarding is the expected and known default configuration. If it is not desired, it can be disabled using the AllowTcpForwarding option in the /etc/ssh/sshd_config configuration file. However, only disabling TCP forwarding does not improve security unless users are also denied shell access. For more information, see man sshd_config.
This CVE is a duplicate (rediscovery) of CVE-2002-0838
The Red Hat Security Response Team rated this issue as having low security impact. This issue affected Red Hat Enterprise Linux 2.1 but due to the low severity will not be fixed. metamail was not shipped in Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. These issues did not affect the versions of OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. We did not ship snmpd setuid root in Red Hat Enterprise Linux 2.1, 3, or 4.
The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required.
For more information please see:
http://www.apacheweek.com/issues/03-01-24#news
Red Hat does not consider this to be a security issue.
Not vulnerable. This issue did not affect the versions of Samba as distributed with Red Hat Enterprise Linux 3, or 4. Red Hat Enterprise Linux 2.1 shipped with a version of Samba prior to 3.0.6, but we verified by code audit that it is not affected by this issue.
Not vulnerable. This issue only affected 2.5 STABLE4 and 2.5 STABLE5 versions of Squid and does not affect the versions of Squid distributed with Red Hat Enterprise Linux.
The Red Hat Security Response Team has rated this issue as having low security impact. We no longer plan to fix this flaw in Red Hat Enterprise Linux 4.
Not vulnerable. The Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 did not include the Sbus PROM module and therefore are not affected by this issue.
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Please see http://kbase.redhat.com/faq/docs/DOC-15379
Not vulnerable. These issues did not affect the versions of htdig as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144263
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with wu-ftpd, however we were unable to reproduce this issue. Additionally, a code analysis showed that attempts to exploit this issue would be caught in the versions we shipped.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=149720
Not vulnerable. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
Not vulnerable. This issue did not affect the versions of Cyrus SASL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
We do not consider this a security vulnerability; this is the expected behaviour.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
We do not consider this a security issue, the bug can only manifest if the software is invoked on a sudoers file that is contained in a world writable directory.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This is defined and documented behaviour:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=156313
Not vulnerable. Adobe told us this issue did not affect the Linux version of Adobe Reader.
Red Hat does not consider this to be a vulnerability. htdigest is not supplied setuid or setgid and should not be run from a CGI program.
Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Based on our research we believe that the "OpenSSL ASN.1 brute forcer." is actually exploiting flaws CVE-2003-0543, CVE-2003-0544, CVE-2003-0545. Those issues are all addressed in Red Hat Enterprise Linux and therefore CVE-2005-1730 is a duplicate assignment.
We do not believe this is a security issue; this is a deliberate circumvention of the Javamail API. The Javamail API provides a comprehensive and secure method to retrieve mail. In this example, the author retrieves the message directly from the mail directory on the filesystem. Even if the user insists on using this incorrect way of accessing mail, then the permissions set by the dovecot and tomcat packages are enough to protect against direct access to most of the files listed in the bug report.
The OpenSSL Team do not consider this issue to be a practical threat. Conducting an attack such as this has shown to be impractical outside of a controlled lab environment. If the OpenSSL Team decide to produce an update to correct this issue, we will consider including it in a future security update.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue was addressed in unzip packages as shipped with Red Hat Enterprise Linux 3 and 4 via RHBA-2007:0418 and RHSA-2007:0203 respectively.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This is the documented and expected behaviour of tar.
Not vulnerable. These issues did not affect the version of BlueZ as shipped with Red Hat Enterprise Linux 4.
Not vulnerable. This issue did not affect the Linux versions of Mutt.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162681
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. This issue did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3 or 4.
This issue does not affect Red Hat Enterprise Linux 2.1 and 3.
This flaw was fixed in Red Hat Enterprise Linux 4 via errata RHSA-2005:527:
http://rhn.redhat.com/errata/RHSA-2005-527.html
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169803
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
We do not consider this to be a security issue:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
Not vulnerable. These issues did not affect the versions of Mozilla and Firefox as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. This issue did not affect the ncompress packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Updated packages to correct this issue are available along with our advisory:
http://rhn.redhat.com/errata/CVE-2005-3011.html
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170518
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. These issues do not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
We do not class this as a security issue as it only allows local users who have the privileges to create .htaccess files the ability to cause a denial of service. Untrusted users should never be given the ability to create .htaccess files.
We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
Not vulnerable. This issue is caused by the way ImageMagick was packaged by Gentoo and does not affect Red Hat Enterprise Linux packages.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
We do not consider this to be a security issue.
https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1
This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2007-0245.html and in Red Hat Enterprise Linux 3 via https://rhn.redhat.com/errata/RHSA-2010-0145.html.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
The Red Hat Security Response Team has rated this issue as having low security impact. An update is available for Red Hat Enterprise Linux 4 to correct this issue:
http://rhn.redhat.com/errata/RHSA-2007-0018.html
This issue did not affect Red Hat Enterprise Linux 2.1 and 3.
This issue did not affect the versions of OpenLDAP as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue did not affect the versions of OpenOffice.org as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue did not affect the FreeRADIUS packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue did not affect the Linux glibc.
gas (and gcc) make no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct these bugs.
gas (and gcc) make no promise that they are fault tolerant to bad input. We do not plan on producing security updates for Red Hat Enterprise Linux to correct these bugs.
Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2005-4881
This issue has been rated as having moderate security impact. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, and Red Hat Enterprise MRG. It affects Red Hat Enterprise Linux 3, and 4.
It was addressed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2009-1522.html
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed.
For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
This issue affects the version of coreutils package, as shipped with Red Hat Enterprise Linux 4. Red Hat Enterprise Linux 4 is however in the Extended Life Cycle Support (ELS) phase. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue did not affect Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
We do not consider this to be a security issue.
https://bugzilla.redhat.com/show_bug.cgi?id=139478#c1
This issue was addressed in Red Hat Enterprise Linux 2.1, 3 and 4:
https://rhn.redhat.com/errata/CVE-2006-0225.html
https://www.redhat.com/security/data/cve/CVE-2006-0225.html
Issue was fixed upstream in version 4.3. The openssh packages in Red Hat Enterprise Linux 5 are based on the fixed upstream version and were not affected by this flaw.
Not vulnerable. We verified that this issue does not affect Linux versions of Thunderbird.
This issue did not affect the versions of Fetchmail as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue did not affect the versions of libtiff as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This vulnerability was introduced into the Linux kernel in version 2.6.12 and therefore does not affect users of Red Hat Enterprise Linux 2.1, 3, or 4.
This issue only affects parsers which are generated by grammars which either use REJECT or rules with a variable trailing context (in these rules the parser has to keep all backtracking paths). The Red Hat Security Response Team analysed all packages that include flex generated parsers in Red Hat Enterprise Linux (2.1, 3, and 4) and found none were vulnerable.
This issue did not affect the versions of PostgreSQL as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 3:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=207347
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue was fixed for Red Hat Enterprise Linux 4 in the following errata:
http://rhn.redhat.com/errata/RHEA-2006-0355.html
This issue does not affect Red Hat Enterprise Linux 2
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187945
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
This issue only affected Dovecot versions 1.0beta1 and 1.0beta2. Red Hat Enterprise Linux 4 shipped with an earlier version of Dovecot and is therefore not vulnerable to this issue.
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include log4net.
This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1 and 3:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=194613
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue has been fixed for Red Hat Enterprise Linux 4 in RHSA-2006:0544.
Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 5 and 6 and the version of bind97 as shipped with Red Hat Enterprise Linux 5, as in the default configuration the named service accepts DNS queries only from localhost.
We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188302
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue does not affect Red Hat Enterprise Linux 2.1 and 3.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187385
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
This issue did not affect the versions of mod_python as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bugs:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=193053
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229194
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Not vulnerable. greylistclean.cron is not supplied in the exim packages as distributed with Red Hat Enterprise Linux.
This issue did not affect the versions of OpenSSH as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187900
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
We do not consider these to be security issues:
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1
Red Hat does not consider this to be a security issue. Enabling the -r option is not suggested without the -x option which is clearly documented in the /etc/sysconfig/syslog configuration file.
Red Hat does not consider this to be a security issue. The FastCGI server is local trusted code and not under the control of an attacker, no trust boundary is crossed.
For more information please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2050
This issue did not affect the version of bind as shipped with Red Hat Enterprise Linux 5. We do not believe this issue has a security consequence for earlier versions of Red Hat Enterprise Linux. For details please see
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192192
Not vulnerable. This issue does not affect the versions of rsync distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue does not affect Red Hat Enterprise Linux 2.1 and 3
This issue was addressed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2008-0848.html
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. The winbind plugin is not shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue only affected version 4.1.1 and not the versions distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue does not affect the versions of Dovecot distributed with Red Hat Enterprise Linux.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192278
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
Not vulnerable. This issue does not affect the versions of LibVNCServer as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue does not affect the versions of cyrus-imapd distributed with Red Hat Enterprise Linux.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue was addressed in libtiff packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 via: https://rhn.redhat.com/errata/RHSA-2006-0603.html
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This is not an issue that affects users of Red Hat Enterprise Linux.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196255
This issue is not exploitable as the status file is only written to and read by the slurpd process. Therefore this is not a vulnerability that affects Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue does not affect the versions of Evolution as distributed with Red Hat Enterprise Linux.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. We do not ship aRts as setuid root on Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat does not consider this a security issue. It is expected behavior that a large input file will cause the processing program to use a large amount of memory.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Unknown: CVE-2006-3018 has been assigned to an issue in PHP where the cause and fix are unknown, and the impact cannot be verified. The source of the CVE assignment was a single line statement in the PHP 5.1.3 release announcement, http://www.php.net/release_5_1_3.php, reading: "Fixed a heap corruption inside the session extension." Of the changes made to the session extension between releases 5.1.2 and 5.1.3, none would fix a bug matching this description by our analysis.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. Adobe told us that this issue does not affect the Linux versions of Adobe Acrobat Reader.
This issue did not affect the versions of NetPBM distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue has not been able to be reproduced by upstream or after a Red Hat code review. We therefore do not believe this is a security vulnerability.
On Red Hat Enterprise Linux 2.1, 3, 4, and 5 this is a two-byte overflow into the middle of the stack and is not exploitable.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue affects the version of the passwd command from the shadow-utils package. Red Hat Enterprise Linux 2.1, 3, and 4 are not vulnerable to this issue.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue was addressed in mysql packages as shipped in Red Hat Enterprise Linux 4 via:
https://rhn.redhat.com/errata/RHSA-2008-0768.html
This issue did not affect mysql packages as shipped with Red Hat Enterprise Linux 2.1, 3, or 5, and Red Hat Application Stack v1 and v2.
We do not consider this issue to have security implications, and therefore have no plans to issue MySQL updates for Red Hat Enterprise Linux 2.1, 3, or 4 to correct this issue.
Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.
Adobe gave a statement that these issues do not affect the Linux versions of Macromedia Flash Player.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198912
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This vulnerability does not affect Red Hat Enterprise Linux 2.1 or 3 as they are based on 2.4 kernels.
The exploit relies on the kernel supporting the a.out binary format. Red Hat Enterprise Linux 4, Fedora Core 4, and Fedora Core 5 do not support the a.out binary format, causing the exploit to fail. We are not currently aware of any way to exploit this vulnerability if a.out binary format is not enabled. In addition, a default installation of these OS enables SELinux in enforcing mode. SELinux also completely blocks attempts to exploit this issue.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198973#c10
We do not consider a crash of a client application such as Konqueror to be a security issue.
We do not consider a user-assisted crash of a client application such as Firefox to be a security issue.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
The ability to exploit this issue is dependent on the stack layout for a particular compiled version of mod_rewrite. If the compiler has added padding to the stack immediately after the buffer being overwritten, this issue can not be exploited, and Apache httpd will continue operating normally.
The Red Hat Security Response Team analyzed Red Hat Enterprise Linux 3 and Red Hat Enterprise Linux 4 binaries for all architectures as shipped by Red Hat and determined that these versions cannot be exploited. This issue does not affect the version of Apache httpd as supplied with Red Hat Enterprise Linux 2.1
This issue is not a security issue in Tomcat itself, but is caused when directory listings are enabled.
Details on how to disable directory listings are available at: http://tomcat.apache.org/faq/misc.html#listing
This issue does not affect versions of Mikmod 3.2.0-beta2 or prior. Versions of Mikmod distributed with Red Hat Enterprise Linux 2.1, 3, and 4 are based on version 3.1.11 and are therefore not vulnerable to this issue.
Vulnerable. This issue affects the versions of php as shipped with Red Hat Enterprise Linux 5 and 6. This issue affects the version of php53 as shipped with Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this issue as having low security impact. A future update might address this flaw. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue was corrected in all affected mysql packages versions as shipped in Red Hat Enterprise Linux or Red Hat Application Stack via:
https://rhn.redhat.com/errata/CVE-2006-4031.html
This issue did not affect mysql packages as shipped with Red Hat Enterprise Linux 2.1 or 3
Not Vulnerable. The version of BIND that ships with Red Hat Enterprise Linux is not vulnerable to this issue as it does not handle signed RR records.
Not Vulnerable. This issue was found and fixed as part of Red Hat Enterprise Linux 4 update 4:
http://rhn.redhat.com/errata/RHBA-2006-0288.html
and Red Hat Enterprise Linux 3 update 8:
http://rhn.redhat.com/errata/RHBA-2006-0287.html
This issue does not affect Red Hat Enterprise Linux 2.1
LessTif is shipped with Red Hat Enterprise Linux 2.1 but not 3 or 4. On Enterprise Linux 2.1 we build LessTif with debugging disabled, so the DEBUG_FILE environment variable is ignored and this issue cannot be exploited.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Updates to address this issue are available for Red Hat Enterprise Linux 3 and 4:
https://rhn.redhat.com/cve/CVE-2006-4146.html
Red Hat Enterprise Linux 5 was not vulnerable to this issue as it contained a backported patch.
Not Vulnerable. Red Hat does not ship GNU Radius in Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=203426
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue does not affect Red Hat Enterprise Linux 2.1 or 3
This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 was not vulnerable to this issue as it contained a backported patch since its first release.
In Red Hat Enterprise Linux 3 and 4, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2009-1101.html
Red Hat does not consider this flaw a security issue. This flaw is the result of a NULL pointer dereference, which is not exploitable and can only cause a client crash.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=220595
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Vulnerable. This issue affects OpenSSL and OpenSSL compatibility packages in Red Hat Enterprise Linux 2.1, 3, and 4. Updates, along with our advisory, are available at the URL below:
http://rhn.redhat.com/errata/RHSA-2006-0661.html
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
We do not consider this to be a PHP flaw. The problem is caused by the insufficient input validation performed by Zend platform.
This flaw causes a crash but does not result in a denial of service against Sendmail and is therefore not a security issue.
Not Vulnerable. This issue does not exist in Red Hat Enterprise Linux 2.1 or 3. This issue is not exploitable in Red Hat Enterprise Linux 4. A detailed analysis of this issue can be found in the Red Hat Bug Tracking System:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=195555
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Not vulnerable. This issue did not affect versions of wvWare library included in koffice packages as shipped with Red Hat Enterprise Linux 2.1
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat no longer plans to fix this issue in Red Hat Enterprise Linux 4.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205826
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 4:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=204912
This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=205651
The Red Hat Security Response Team has rated this issue as having low security impact and expects to release a future update to address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode.
This bug will be addressed in a future update of Red Hat Enterprise Linux 4.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, and 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue also affects other OS that use NSPR. However, Red Hat does not ship any application linked setuid or setgid against NSPR and therefore is not vulnerable to this issue.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat does not consider this flaw a security issue. This flaw can cause an OpenSSH client to crash when connecting to a malicious server, which does not result in a denial of service condition.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue did not affect Red Hat Enterprise Linux 2.1 and 3.
This issue was addressed in Red Hat Enterprise Linux 4 and 5 via
https://rhn.redhat.com/errata/RHSA-2007-0703.html and https://rhn.redhat.com/errata/RHSA-2007-0540.html respectively.
Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 4:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=210128
This issue does not affect Red Hat Enterprise Linux 2.1 or 3.
Red Hat does not consider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this issue currently poses no security threat. In the event more information becomes available, we will revisit this issue in the future.
Red Hat does not consider this issue to be a security vulnerability. We have been in contact with the upstream project regarding this problem and agree that this issue currently poses no security threat. In the event more information becomes available, we will revisit this issue in the future.
Not Vulnerable. This flaw only affects kernel versions 2.6.14 to 2.6.18. Red Hat Enterprise Linux 2.1, 3, and 4 do not ship with a vulnerable kernel version.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat has been unable to reproduce this flaw and believes that the reporter was experiencing behavior specific to his environment. We will not be releasing an update to address this issue.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211085
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Not vulnerable. These issues did not affect the versions of libX11 as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213515
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via bug 213214 for Red Hat Enterprise Linux 4:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=213214
This issue does not affect Red Hat Enterprise Linux 2.1 or 3
Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, or 5. Red Hat Enterprise Linux 2.1 did not ship for PowerPC architecture.
Not Vulnerable. The squashfs module is not distributed as part of Red Hat Enterprise Linux 2.1, 3, or 4. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This flaw does not affect the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3.
This flaw affects the Linux kernel shipped with Red Hat Enterprise Linux 4. We are tracking this flaw via bug 216452:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216452
Red Hat Enterprise Linux 2.1 is not vulnerable to this issue as it only affects x86_64 architectures.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch at release.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not Vulnerable. The OpenLDAP versions shipped with Red Hat Enterprise Linux 4 and earlier do not contain the vulnerable code in question. Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue did not affect Red Hat Enterprise Linux 2.1.
This issue was addressed in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2006-0738.html
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
CVE-2006-5823 is about a corrupted cramfs (MOKB-07-11-2006) that can cause memory corruption and so crash the machine.
For Red Hat Enterprise Linux 3 this issue is tracked via Bugzilla #216960 and for Red Hat Enterprise Linux 4 it is tracked via Bugzilla #216958.
Red Hat Enterprise Linux 2.1 is not vulnerable to this issue.
This issue has been rated as having low impact, because root privileges or physical access to the machine are needed to mount a corrupted filesystem and crash the machine.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it via the following bug for Red Hat Enterprise Linux 2.1. This issue did not affect Red Hat Enterprise Linux 3 or 4.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=215593
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. The vulnerable code is not used by any application linked with libsoup shipped with Red Hat Enterprise Linux 2.1, 3, and 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. Red Hat Enterprise Linux 2.1 shipped with fvwm, however this issue does not affect the included version of fvwm.
Not vulnerable. This issue does not affect the versions of fetchmail distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat does not consider unexploitable client application crashes to be security flaws. This bug causes a stack recursion crash which is not exploitable.
Not vulnerable. This issue did not affect Linux versions of Adobe Reader.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not Vulnerable. The kernels as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 do not contain gfs2 filesystem support.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. This flaw was first introduced in gdm version 2.14. Therefore these issues did not affect the earlier versions of gdm as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat is aware of this issue and is tracking it for Red Hat Enterprise Linux 4 via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=218602
This issue does not affect the version of the Linux kernel shipped with Red Hat Enterprise Linux 2.1 or 3.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 ship with versions of Kerberos 5 prior to version 1.4 and are therefore not affected by these vulnerabilities.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat does not consider this bug to be a security flaw. In order for this flaw to be exploited, a user would be required to enter shellcode into an interactive GnuPG session. Red Hat considers this to be an unlikely scenario.
Red Hat Enterprise Linux 5 contains a backported patch to address this issue.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. This issue does not affect the Linux version of Adobe Reader.
We do not consider a crash of a client application such as Konqueror or other KFile users to be a security issue.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch. For other versions of Red Hat Enterprise Linux see http://rhn.redhat.com/cve/CVE-2006-6303.html
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit d025c9db that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via RHSA-2009:0225. It was later reported and addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html
Not vulnerable. This issue does not affect the versions of net-smtp as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Not Vulnerable. eEye Research advisory AD20061207 (Intel Network Adapter Driver Local Privilege Escalation) describes a flaw in the Linux Kernel drivers for the e100, e1000, and ixgb Intel network cards. The flaw affects the NDIS miniport drivers and its OID support. The Linux Kernel drivers do not support the NDIS API and the OID concept from Microsoft Windows.
Not vulnerable. OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, and 4 does not support the LDAP_AUTH_KRBV41 authentication method.
Red Hat does not consider this flaw a security issue. This flaw will only crash OpenOffice.org and presents no possibility for arbitrary code execution.
Not vulnerable. This issue did not affect the versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221459
We do not consider a crash of a client application such as wget to be a security issue.
This flaw was fixed in wget shipped in Red Hat Enterprise Linux 5 before the initial release of the product. Versions of wget shipped in Red Hat Enterprise Linux 3 and 4 are affected by this bug.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
We do not consider a crash of a client application such as KsIRC to be a security issue.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=223072
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue can only be exploited if pending signals (ulimit -i) is set to "unlimited". In case of Red Hat Enterprise Linux version 2.1, 3 and 4 this is not the case and therefore they are not vulnerable to this issue.
Not vulnerable. This issue was specific to a Debian patch to Apache HTTP Server.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This flaw has been rated as having a low severity by the Red Hat Security Response Team. More information about this rating can be found here:
http://www.redhat.com/security/updates/classification/
This flaw is currently being tracked via the following bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=231449
https://bugzilla.redhat.com/show_bug.cgi?id=231448
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 and 3 which are in maintenance mode.
Not vulnerable. Our testing found that this issue did not affect the versions of Kmail as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
** DISPUTED ** Sendmail classes the CipherList directive as "for future release"; currently unsupported and undocumented. Therefore the lack of support for the CipherList directive in various Red Hat products is not a vulnerability.
Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. The MadWiFi wireless driver is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
The memory_limit configuration option is used to constrain the amount of memory which a script can consume during execution. If this setting is disabled (or set unreasonably high), it is expected behaviour that scripts will be able to consume large amounts of memory during script execution.
The memory_limit setting is enabled by default in all versions of PHP distributed in Red Hat Enterprise Linux and Application Stack.
Red Hat does not consider a user assisted client crash such as this to be a security flaw.
This issue did not affect the MySQL packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 as they did not support INFORMATION_SCHEMA, introduced in MySQL version 5.
Not vulnerable. This issue did not affect the versions of the xterm package, as shipped with Red Hat Enterprise Linux 3, 4, and 5, and the version of the XFree86 (providing xterm) and hanterm-xf packages, as shipped with Red Hat Enterprise Linux 2.1.
This issue was addressed in Red Hat Enterprise Linux 5 via RHBA-2012:0319: https://rhn.redhat.com/errata/RHBA-2012-0319.html
It did not affect versions of gnutls as shipped with Red Hat Enterprise Linux 4 and 6.
These flaws do not affect any version of libpng shipped with Red Hat Enterprise Linux.
This issue was corrected in Red Hat Enterprise Linux 5 via RHSA-2009:1335. It did not affect openssl packages shipped with Red Hat Enterprise Linux 6.
This issue was corrected in Red Hat Enterprise Linux 5 via RHSA-2009:1335. It did not affect openssl packages shipped with Red Hat Enterprise Linux 6.
Not vulnerable. These issues did not affect the versions of pam as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1, 3, 4, or 5:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-0062
This issue is the same as CVE-2007-5365. The affected dhcp versions were fixed via: https://rhn.redhat.com/errata/RHSA-2007-0970.html
Not vulnerable. The affected code is in an optional module that is not shipped in Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat does not consider this issue to be a security vulnerability. The potential attacker has to send acknowledgement packets periodically to make the server generate traffic. Exactly the same effect could be achieved by simply downloading the file. The statement that setting the TCP window size to an arbitrarily high value would permit the attacker to disconnect and stop sending ACKs is false, because Red Hat Enterprise Linux limits the size of the TCP send buffer to 4MB by default.
Some implementations of the PDF specification erroneously allow page tree objects that refer back to themselves. As a result, an infinite loop could be created. We believe this could only result in a denial of service against the application. We do not consider a user-assisted DoS of a client application to be a security issue.
Not Vulnerable. This flaw is the result of an infinite recursion flaw in xpdf, which cannot result in arbitrary code execution.
Not vulnerable. This issue does not affect the older versions of neon as shipped with Red Hat Enterprise Linux 2.1, 3, and 4. This issue also does not affect the older versions of neon included in the cadaver package.
Not vulnerable. This issue did not affect the versions of slocate as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue did not affect the versions of libgtop as shipped with Red Hat Enterprise Linux 2.1 or 3.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This flaw affects Red Hat Enterprise Linux 4 and is being tracked via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=249884
Not vulnerable. This issue did not affect Zope included within the conga package shipped with Red Hat Enterprise Linux 5.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
This issue did not affect the versions of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Not vulnerable. These issues did not affect Linux versions of Samba.
Not vulnerable. These issues affect the AFS ACL module which is not distributed with Samba in Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=234312
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of ISC BIND as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225414
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat does not consider this issue to be a security vulnerability. The user would have to voluntarily interact with the attack mechanism to exploit the flaw, and the result would be the ability to run code as themselves.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228013
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=228013
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. Red Hat did not ship the incomplete patch for CVE-2006-5456 and is therefore not affected by this issue.
Red Hat does not consider this issue to be a security vulnerability. On Red Hat Enterprise Linux processes that change their effective UID do not dump core by default when they receive a fatal signal. Therefore the NULL pointer dereference does not lead to an information leak.
Red Hat does not consider this issue to be a security vulnerability. It is correct and expected behavior for xterm not to zero-fill its scrollback buffer upon reception of a terminal clear escape sequence.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Not vulnerable. This flaw is a regression of the fix for CVE-2007-0906 affecting PHP version 5.2.1 only which results in any use of str_replace() causing a crash regardless of user input. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue was fixed in php package updates for Red Hat Enterprise Linux and Red Hat Application Stack:
http://rhn.redhat.com/cve/CVE-2007-1001.html
This issue did not affect the versions of gd as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect versions of libevent as shipped with Red Hat Enterprise Linux 5.
The JBoss AS console manager should always be secured prior to deployment, as directed in the JBoss Application Server Guide and release notes. By default, the JBoss AS installer gives users the ability to password protect the console manager. If the user did not use the installer, the raw JBoss services will be in a completely unconfigured state and these steps should be performed manually:
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureJBoss
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-1199
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232347
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
The phpinfo function should not be used in publicly accessible PHP scripts.
Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.
We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1.
These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, Stronghold 4.0, or Red Hat Application Stack 2.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Our previous fixes for CVE-2007-0906 included a patch that also addressed the issue now given CVE name CVE-2007-1380. For a full list of versions that contained a fix for this issue please see: https://rhn.redhat.com/cve/CVE-2007-1380.html
Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
Red Hat does not consider this to be a security vulnerability. Using import_request_variables() is generally a discouraged practice and it is improper use that can lead to security problems, not a flaw of PHP itself.
Not vulnerable. The zip extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include Cracklib support.
Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include mssql support.
Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ClibPDF support.
Not vulnerable. The php-snmp package as shipped with Red Hat Enterprise Linux 4 and 5 uses net-snmp which is not vulnerable to this issue.
This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4.
Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Not vulnerable. The filter extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Not vulnerable. The zip extension was not shipped in versions of PHP provided for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 does not include ibase support.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233592
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
We do not consider a crash of a client application such as Konqueror to be a security issue.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0907.
Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0910.
Not vulnerable. PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack, and Stronghold 4.0 does not include PHPDoc support.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=233581
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue has no security impact.
Not vulnerable. This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intended to protect against privilege escalation in such a configuration.
These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intended to protect against privilege escalation in such a configuration.
These attacks are reliant on an insecure configuration of the server - that the user the server runs as has write access to the document root. The suexec security model is not intended to protect against privilege escalation in such a configuration.
Not vulnerable. The zip extension was not distributed with PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0906.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
Not vulnerable. This issue was specific to httpd version 2.2.4 and did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
This CVE name is a duplicate as the vulnerability is addressed by CVE-2007-0906.
We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
For more information please see:
https://bugzilla.redhat.com/show_bug.cgi?id=mopb#c37
Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
Not vulnerable. The filter extension was not shipped in the versions of PHP supplied for Red Hat Enterprise Linux 2.1, 3, 4, 5, Stronghold 4.0, or Red Hat Application Stack 1.
Not vulnerable. These issues did not affect the versions of file as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue affected Red Hat Enterprise Linux 4 and 5. Update packages were released to correct it via: http://rhn.redhat.com/errata/RHSA-2009-1471.html
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=236585
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235093
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Not vulnerable. This issue is a flaw in the way Java and Quicktime interact.
This issue did not affect Red Hat Enterprise Linux prior to version 5. An update to Red Hat Enterprise Linux 5 was released to correct this issue:
https://rhn.redhat.com/errata/RHSA-2008-0297.html
Not vulnerable. These issues did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. The OpenSSH packages as shipped with Red Hat Enterprise Linux do not contain S/KEY support.
This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007:
https://rhn.redhat.com/errata/RHSA-2007-0841.html
(Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007)
This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007:
https://rhn.redhat.com/errata/RHSA-2007-0841.html
(Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007)
This issue does not affect lftp as supplied with Red Hat Enterprise Linux 3.
This issue was addressed for Red Hat Enterprise Linux 5 by
https://rhn.redhat.com/errata/RHSA-2009-1278.html
The Red Hat Security Response Team has rated this issue as having low security impact, a future update to Red Hat Enterprise Linux 4 may address this flaw.
Red Hat ship Axis in a number of products; however the installation path of Axis is fixed and deterministic, so this flaw does not disclose otherwise unknown information. We do not plan on issuing updates to fix this issue.
Not vulnerable. This flaw is specific to Mac OS X and does not affect any version of Red Hat Enterprise Linux.
Red Hat does not consider a user assisted client crash such as this to be a security flaw.
Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2448
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. Red Hat did not ship GNU locate in Red Hat Enterprise Linux 2.1, 3, 4, or 5. This issue does not affect the mlocate or slocate packages that are supplied with Red Hat Enterprise Linux.
This issue did not affect the versions of the Linux kernel supplied with Red Hat Enterprise Linux 2.1, 3, or 4.
For systems based on Red Hat Enterprise Linux 5, this is only an issue for systems without a real time clock, hard drive activity, or user input during boot time. Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241718
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or Red Hat Application Stack v2. Updates to correct this issue for Red Hat Enterprise Linux 5, and Red Hat Application Stack v1 are available at http://rhn.redhat.com/cve/CVE-2007-2510.html
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. The bug described in CVE-2007-2511 can only be triggered by a script author; since no trust boundary is crossed, this issue is not treated as security-sensitive.
Installation of a PEAR package from an untrusted source could allow malicious code to be installed and potentially executed by the root user. This is true regardless of the existence of this particular bug in the PEAR installer, so the bug would not be treated as security-sensitive. As when handling system RPM packages, the root user must always ensure that any packages installed are from a trusted source and have been packaged correctly.
This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, and 4.
Red Hat does not consider this flaw to have security consequences. For more details please see the following:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240055
Updates for Red Hat Enterprise Linux are available from
http://rhn.redhat.com/errata/RHSA-2007-0386.html
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2691
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue did not affect mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3 and 4.
Not vulnerable. These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect versions of ghostscript as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5 as they do not include a bundled JasPer library.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack 1 or 2, as the packages shipped are not compiled with the mcrypt extension affected by this issue.
Not vulnerable. This issue did not affect the versions of lcms as shipped with Red Hat Enterprise Linux 5.
We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
This flaw exists in versions of PHP as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack 1.
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or Red Hat Application Stack 2.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates for libwmf in Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not vulnerable. OPIE for PAM is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, 6, or 7.
Red Hat does not consider a user-assisted crash of a user application such as Emacs to be a security issue.
Not vulnerable. PHP is not built or supported in a multi-threaded environment in the packages distributed in Red Hat Enterprise Linux or Application Stack.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-2872
The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Updates are available for Red Hat Enterprise Linux 2.1, 3, 4, and 5 to correct this issue:
http://rhn.redhat.com/errata/RHSA-2007-0740.html
Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248542
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Not vulnerable. This issue did not affect the version of Sylpheed as shipped with Red Hat Enterprise Linux 2.1. Sylpheed and claws-mail are not shipped with Red Hat Enterprise Linux 3, 4, or 5.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required.
For more information please see:
http://www.apacheweek.com/issues/03-01-24#news
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
Red Hat does not consider a user-assisted crash of a user application such as GIMP to be a security issue.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not vulnerable. Mozilla is no longer shipped as part of any version of Red Hat Enterprise Linux. Mozilla was replaced in Red Hat Enterprise Linux by SeaMonkey, which is not affected by this issue.
Not vulnerable. Versions of the sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication.
This is not a security vulnerability: it is the expected behaviour of parse_str when used without a second parameter.
Red Hat does not consider this to be a security issue. dblink is disabled in the default configuration of PostgreSQL packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5, and it is a configuration decision whether to grant local users arbitrary access.
Fixes to correct this bug were included in PostgreSQL updates:
https://rhn.redhat.com/cve/CVE-2007-3278.html
Red Hat does not consider this to be a security issue. Creating functions is an intended feature of the PL/pgSQL language and is definitely not a security problem. Weak passwords are generally more likely to be guessed with brute force attacks and choosing a strong password according to good practices is considered to be a sufficient protection against this kind of attack.
Red Hat does not consider this to be a security issue. The ability of the superuser to execute code on behalf of the database server is an intended feature and imposes no security threat as the superuser account is restricted to the database administrator.
Not vulnerable. PHP is not compiled with the tidy library as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack v1 or v2.
Not a vulnerability. In the security model used by Apache httpd, the less-privileged child processes (running as the "apache" user) completely handle the servicing of new connections. Any local user who is able to run arbitrary code in those children is therefore able to prevent new requests from being serviced, by design. Such users will also be able to "simulate" server load and force the parent to create children up to the configured limits, by design.
Not vulnerable. This issue did not affect the versions of avahi as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. Red Hat do not ship the Lhaca file archiver. Note that an identical flaw was found affecting the lha file archiver in 2004, CVE-2004-0234. This issue was corrected by security update RHSA-2004:178 for Red Hat Enterprise Linux 2.1 and 3. Red Hat Enterprise Linux 4 was not vulnerable as it contained a backported patch to correct this issue from release.
http://rhn.redhat.com/errata/RHSA-2004-178.html
We do not consider these to be security issues. For more details see: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates to libwmf on Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates to libwmf on Red Hat Enterprise Linux 5 and 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue did not affect the versions of gd as shipped with Red Hat Enterprise Linux 2.1 or 3 as they did not offer GIF image support.
We do not plan to backport a fix for this issue to the gd packages as shipped in Red Hat Enterprise Linux 4 and 5 due to the low likelihood of an application affected by this problem being exposed in a way that would allow a trust boundary to be crossed.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3475
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3476
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Due to the minimal impact of this flaw (temporary DoS by high CPU usage) and low likelihood of this problem being exposed in a way that would allow trust boundary crossing, we currently do not plan to backport a fix for this issue to the versions of gd as shipped in Red Hat Enterprise Linux 2.1, 3, 4 or 5.
We currently do not plan to backport a fix for this issue to gd packages in current versions of Red Hat Enterprise Linux 2.1, 3, 4, and 5 due to the low likelihood of an application affected by this problem being exposed in a way that would allow a trust boundary to be crossed.
Not vulnerable. These issues did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
After careful analysis by Red Hat and several Glibc developers, it has been determined that this bug is not exploitable.
For more information please see Red Hat Bugzilla bug #247208
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=247208
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. The curl packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are not linked against the gnutls library.
Red Hat does not consider bugs which result in a user-assisted crash of an end-user application to be a security issue.
Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.
Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.
Not vulnerable. This plugin is not shipped with Squirrelmail in Red Hat Enterprise Linux.
Not vulnerable. These issues did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
The Red Hat Security Response Team has rated this issue as having moderate security impact.
The risks associated with fixing this bug are greater than the moderate severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG.
Not vulnerable. libsilc was not shipped with Enterprise Linux 2.1 or 3. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4 or 5.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248553
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This flaw is specific to PHP on Windows.
This issue does not affect the version of tcpdump shipped in Red Hat Enterprise Linux 2.1 or 3.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250275
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3799
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This issue only affected PHP on Windows platforms.
This issue did not affect Red Hat Enterprise Linux 2.1 or 3. For Red Hat Enterprise Linux 4 and 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=248537
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=250648
The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.
Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux.
This issue did not affect the versions of sysstat as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
For Red Hat Enterprise Linux 5, Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251200
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-3919
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue affected Red Hat Enterprise Linux 5 with a low security impact. An update to the compiz package was released to correct this issue:
https://rhn.redhat.com/errata/RHSA-2008-0485.html
Red Hat does not consider a user assisted client crash such as this to be a security flaw.
Not vulnerable. fsplib is part of gftp in Red Hat Enterprise Linux 5, but this issue does not affect Linux.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1.
Not vulnerable. Versions of PHP packages as shipped with current Red Hat products are not linked with t1lib.
Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux.
Not vulnerable. This issue does not affect the versions of Firefox or Thunderbird as shipped with Red Hat Enterprise Linux.
The CVE description for this bug is incorrect. The backported patch for CVE-2007-2447 missed the character c in the shell escaping whitelist of allowed characters, therefore not allowing commands with a c in them to be executed. This is therefore a regression bug and not a security vulnerability.
The Red Hat Security Response Team has rated this issue as having low security impact. Updates to correct this are available:
https://rhn.redhat.com/cve/CVE-2007-4045.html
Not vulnerable. This is a rediscovery and therefore a duplicate of CVE-2000-1205 which was corrected in upstream Apache httpd 1.3.11.
Not vulnerable. This flaw did not affect Red Hat Enterprise Linux 2.1, 3, or 4 due to the version of rsync.
This flaw does exist in Red Hat Enterprise Linux 5, but due to the nature of the flaw it is not exploitable with any security consequence due to stack-protector.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. These issues did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
These issues did not affect the dovecot versions as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. An update to Red Hat Enterprise Linux 5 was released to correct this issue:
https://rhn.redhat.com/errata/RHSA-2008-0297.html
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251708
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. These issues did not affect the versions of konqueror as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat does not consider a crash of a client application such as Konqueror to be a security flaw.
Red Hat does not consider this flaw a security issue. This flaw will only crash OpenOffice.org if a victim opens a malicious document.
Not vulnerable. PHP packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4, and 5 are not compiled with the msql library and are not vulnerable to this issue.
Vulnerable. This issue affected the CUPS packages in Red Hat Enterprise Linux 5.
This issue also affected the versions of CUPS packages in Red Hat Enterprise Linux 3 and 4, but exploitation would only lead to a possible denial of service. Updates are available from
https://rhn.redhat.com/cve/CVE-2007-4351.html
This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the "AddDefaultCharset" directive and are using directory indexes. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4465
This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0141.html for tar. It did not affect the version of tar as shipped with Red Hat Enterprise Linux 3. This issue was also addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0144.html for cpio. It did not affect the version of cpio as shipped with Red Hat Enterprise Linux 3 and 4.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, or Red Hat Application Stack 1.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=263261
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue was addressed in fetchmail packages as shipped in Red Hat Enterprise Linux 3, 4, and 5 via:
https://rhn.redhat.com/errata/RHSA-2009-1427.html
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit a11d206d that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314. It was reported and addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0019.html
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1 or 3.
This issue affected users who were running 64-bit versions of Red Hat Enterprise Linux 3, 4, or 5 on x86_64 architecture. It did not affect users of Red Hat Enterprise Linux 2.1.
Updates are available for Red Hat Enterprise Linux 3, 4, and 5 to correct this issue. New kernel packages along with our advisory are available at the URL below as well as via the Red Hat Network. http://rhn.redhat.com/errata/CVE-2007-4573.html
Not vulnerable. This issue did not affect the version of IrcII as shipped with Red Hat Enterprise Linux 2.1. IrcII was not shipped in Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue does not affect the versions of PHP shipped with Red Hat Enterprise Linux. It only affects the PHP version for Windows.
Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.
Not vulnerable. This issue was specific to a patch from the Debian project and did not affect versions of tcp_wrappers packages as shipped with Red Hat Enterprise Linux.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
The only effect of this bug is to cause the process to read from a random segment of memory, if a large "length" parameter is passed to the strspn/strcspn function, which is under the control of the script author. This bug has no security impact.
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1.
Not vulnerable. These issues did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Application Stack v1.
Not vulnerable. Red Hat did not include an incomplete fix for CVE-2007-2872 for PHP in Red Hat Enterprise Linux or Red Hat Application Stack.
For more details, see: https://bugzilla.redhat.com/show_bug.cgi?id=278161#c5
Not vulnerable. Red Hat did not include an incomplete fix for CVE-2007-2872 for PHP in Red Hat Enterprise Linux or Red Hat Application Stack.
This bug can only be triggered by supplying a non-default openssl.conf configuration file, which is entirely under the control of the script author or server administrator, and hence is not a security issue.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Duplicate of CVE-2007-6113.
This flaw was fixed for Red Hat Enterprise Linux 4 in RHSA-2007-0898:
https://rhn.redhat.com/errata/RHSA-2007-0898.html
Red Hat Enterprise Linux 5 is not affected by this flaw. More information can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=285991
Red Hat Enterprise Linux 2.1 and 3 do not support the composite extension and are not vulnerable to this flaw.
This issue did not affect the OpenSSH packages as distributed with Red Hat Enterprise Linux 2.1 or 3, as they do not support Trusted X11 forwarding.
For Red Hat Enterprise Linux 4 and 5, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2008-0855.html
We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=285691
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-4829
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
We do not consider this to be a security issue. For more information please see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Not vulnerable. This flaw does not affect the Linux version of Firefox.
Not vulnerable. There is no support for jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 2.1 or 3. There is no ACL support for jffs2 in the Linux kernel as distributed with Red Hat Enterprise Linux 4 or 5.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
The argument passed to the dl() function must always be under the control of the script author. We therefore do not consider this to be a security issue.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider a crash of a client application such as RealPlayer or Helix Player to be a security issue.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Note: As the address of the overwritten byte is not under the attacker's control, the worst impact this bug could have is an application crash. It cannot be exploited to execute arbitrary code.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, or 4. An update to correct this issue for Enterprise Linux 5 is available.
http://rhn.redhat.com/cve/CVE-2007-4995.html
Please note that the CVE description is incorrect: this issue did not affect upstream versions of OpenSSL prior to 0.9.8.
Not vulnerable. These issues did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue affects the busybox package in Red Hat Enterprise Linux 2.1, 3, 4, and 5.
This issue affects the fileutils package in Red Hat Enterprise Linux 2.1.
This issue affects the coreutils package in Red Hat Enterprise Linux 3.
The coreutils packages in Red Hat Enterprise Linux 4 and 5 are not vulnerable to this issue.
Given this issue has minimal risk we do not intend to issue updates to correct this issue in affected versions of Red Hat Enterprise Linux.
For more information please see:
https://bugzilla.redhat.com/show_bug.cgi?id=356471
Not vulnerable. This issue did not affect the versions of Pidgin or Gaim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the version of balsa as shipped with Red Hat Enterprise Linux 2.1.
According to Adobe this issue affects only the Windows platform and therefore does not affect Adobe Acrobat Reader as distributed with Red Hat Enterprise Linux Extras.
http://www.adobe.com/support/security/advisories/apsa07-04.html
Not vulnerable. These issues did not affect the versions of Firefox as shipped with Red Hat Enterprise Linux.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=181302
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Not vulnerable. This issue did not affect the versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.
This issue was fixed in RealPlayer for Red Hat Enterprise Linux 3 Extras, 4 Extras, 5 Supplementary by RHSA-2007:0841 on 17th August 2007:
https://rhn.redhat.com/errata/RHSA-2007-0841.html
(Our original advisory did not mention this issue was fixed as the details of the issue were not made public by RealNetworks until 25th October 2007)
Not vulnerable. These issues did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5137
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Updates are available to address this issue:
https://rhn.redhat.com/errata/RHSA-2007-0969.html
Not vulnerable. These issues do not affect Linux versions of Sun JDK or JRE.
Not vulnerable. These issues did not affect the versions of Sun JDK as shipped with Red Hat Enterprise Linux Extras 4 or 5.
Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of libpng and libpng10 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5333
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This issue did not affect versions of tog-pegasus as shipped with Red Hat Enterprise Linux 4, or 5. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 did not include the Tramp extension with Emacs. The version of Tramp included with Emacs in Red Hat Enterprise Linux 5 was not vulnerable to this issue.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5378
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat does not consider this to be a security issue. The function behaves as documented. Furthermore, the function shouldn't be considered a security feature, for reasons described at https://bugzilla.redhat.com/show_bug.cgi?id=332451#c3 and http://www.php.net/security-note.php
Not vulnerable. The versions of bind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 do not support GSS-TSIG and are not linked with libgssapi library.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This vulnerability only affected the OpenSSL FIPS Object Module which is not enabled or used by OpenSSL in Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 and 4 Extras or with Red Hat Enterprise Linux 5 Supplementary.
Not vulnerable. These issues did not affect PHP on Linux.
Not vulnerable. This issue did not affect the versions of OpenLDAP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5729
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This issue did not affect versions of plone included in conga/luci packages as shipped with Red Hat Enterprise Linux 5 or Red Hat Cluster Suite for Red Hat Enterprise Linux 4.
Red Hat does not consider a user assisted client crash such as this to be a security flaw.
Not vulnerable. This issue did not affect versions of Emacs as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect versions of geronimo-specs packages as shipped with Red Hat Enterprise Linux 5, Red Hat Application Stack, Red Hat Application Server, Red Hat Directory Server and Red Hat Certificate System, as the geronimo-specs package only contains the specification of the Apache Geronimo Server's services and interfaces and not the vulnerable J2EE server classes.
Not vulnerable.
After a detailed analysis of this flaw, it has been determined that it is not exploitable on Red Hat Enterprise Linux 3, 4, or 5. For more information please see:
https://bugzilla.redhat.com/show_bug.cgi?id=415141
Not vulnerable.
This flaw does not affect the version of CUPS shipped in Red Hat Enterprise Linux 3 or 4.
After a detailed analysis of this flaw, it has been determined it does not pose a security threat on Red Hat Enterprise Linux 5. For more details regarding this analysis, please see:
https://bugzilla.redhat.com/show_bug.cgi?id=415131
This issue is not a vulnerability, for more information see http://marc.info/?m=119743235325151
Red Hat does not consider this flaw a security issue. This flaw is not exploitable and can only cause a client to stop responding or crash.
This issue was fixed in all affected PHP versions shipped in Red Hat products. For list of security advisories, visit: https://rhn.redhat.com/errata/CVE-2007-5898.html
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5901
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue is not a practical vulnerability, for more information see http://marc.info/?m=119743235325151
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5935
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide the dviljk binary.
Not vulnerable. This issue did not affect the versions of tetex packages as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not provide the dviljk binary.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5963
The Red Hat Security Response Team has rated this issue as having low security impact, at this time Red Hat does not intend to address this flaw in a future update.
Not vulnerable. This issue did not affect versions of qt or qt4 packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and 4.
It was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1193.html, and https://rhn.redhat.com/errata/RHSA-2008-0585.html respectively.
Not vulnerable. This issue did not affect the mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as the versions shipped do not support table partitioning. The partitioning feature was introduced in development MySQL version 5.1.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-5971
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. See http://marc.info/?m=119743235325151
This issue is not a vulnerability, for more information see http://marc.info/?m=119743235325151
Not vulnerable. This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 4 and 5.
Red Hat doesn't consider this a security issue. The arguments to the functions in question should always be under the control of the script author, rather than untrusted script input, so these issues would not be treated as security-sensitive.
Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. The user must voluntarily interact with the attack mechanism to exploit this flaw, with the result being the ability to run code as themselves.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6113
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat does not consider this to be a security issue. Versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4 and 5 behave as expected and that behavior was well documented.
The Red Hat Security Response Team has rated this issue as having moderate security impact. This flaw has been addressed in Red Hat Enterprise Linux 5 via RHSA-2011:0999 advisory. This flaw did not affect the version of rsync as shipped with Red Hat Enterprise Linux 6.
Red Hat does not intend to fix this flaw in Red Hat Enterprise Linux 4.
Red Hat does not consider this issue to be a vulnerability. In order to exploit this for cross-site scripting, the attacker would have to get the victim to supply an arbitrary malformed HTTP method to a target site. However, this has been fixed in Red Hat Enterprise Linux 5 via RHBA-2009:0185 as a bug fix.
Not vulnerable. These issues did not affect the versions of the zsh package as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Xen and KVM, as shipped with Red Hat Enterprise Linux 5, by default use only peripheral device emulation of QEMU and are therefore not vulnerable to this issue.
Red Hat does not consider this a security issue. The downloading of arbitrary files will be harmless unless there is a vulnerability in the application handling these other filetypes.
This flaw is not exploitable to run arbitrary code and can only cause an application crash. Red Hat does not consider a crash of the flac application or applications that use flac libraries such as media players to be a security issue.
An update to Red Hat Enterprise Linux 5 was released to correct this issue:
https://rhn.redhat.com/errata/RHSA-2008-0300.html
Not Vulnerable. Red Hat does not ship a version of Apache Tomcat that enables the native APR connector.
This issue did not affect the mysql packages as shipped in Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue affected the mysql packages as shipped in Red Hat Application Stack v1 and v2 and was addressed by RHSA-2007:1157:
http://rhn.redhat.com/errata/RHSA-2007-1157.html
Not vulnerable. The MySQL versions as shipped in Red Hat Enterprise Linux 2.1, 3, and 4 do not support the federated storage engine. The MySQL packages as shipped in Red Hat Enterprise Linux 5, Red Hat Application Stack v1, and Red Hat Application Stack v2 are not compiled with support for the federated storage engine.
Not vulnerable. This issue did not affect the versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat does not consider this flaw to be a security issue. For more information please see:
https://bugzilla.redhat.com/show_bug.cgi?id=426437
The versions of SquirrelMail packages shipped in Red Hat Enterprise Linux 3, 4, and 5 were not affected by this issue. In addition, the Red Hat Security Response Team have verified that the malicious code is not part of released Red Hat Enterprise Linux squirrelmail packages.
Not vulnerable. Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 do not ship with the alternate pdftops.pl CUPS printing filter that is affected by this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0885.html
mod_proxy_balancer is shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack v2. We do not plan on correcting this issue as it poses a very low security risk: The balancer manager is not enabled by default, the user targeted by the CSRF would need to be authenticated, and the consequences of an exploit would be limited to a web server denial of service.
mod_proxy_balancer is included in the version of Apache HTTP Server as shipped in Red Hat Enterprise Linux 5 and Red Hat Application Stack v2. Red Hat was unable to reproduce this issue.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
Old versions of the Linux 2.4 kernel allowed the lookup of names containing backslashes over smbfs -- so there were multiple names which would reference any particular file, allowing the bypass of Apache controls such as AddType.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue was corrected with a backported patch for Red Hat Enterprise Linux 2.1 by RHSA-2007:0672.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6514
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue did not affect versions of Dovecot as shipped with Red Hat Enterprise Linux before version 5. An update to Red Hat Enterprise Linux 5 was released to correct this issue:
https://rhn.redhat.com/errata/RHSA-2008-0297.html
Red Hat does not consider this flaw a security issue. This flaw is not exploitable beyond causing the web browser to crash.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2007-6720
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
This issue affects the version of httpd package as shipped with Red Hat Enterprise Linux 4. This issue is mitigated by the use of mod_reqtimeout module shipped with the httpd package in Red Hat Enterprise Linux 5 and 6.
Not vulnerable. This issue did not affect cryptography library packages as shipped with Red Hat products, as they do not implement the Dual EC DRBG algorithm.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
NVD clarification:
To exploit this flaw an attacker needs to print a malicious file through the vulnerable filter (either themselves or by convincing a victim to do so); it should therefore be AC:M.
In CUPS, print filters run as an unprivileged user, not superuser (root); therefore this should be scored C:P, I:P, A:P.
This issue did not affect the versions of GNU libc as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue affects the versions of libbind as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5, however the vulnerable function is not used by any shipped applications. The Red Hat Security Response Team has therefore rated this issue as having low security impact, a future update may address this flaw.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0122
An update to Red Hat Enterprise Linux 5 was released to correct this issue:
https://rhn.redhat.com/errata/RHSA-2008-0300.html
Red Hat does not consider this to be a security issue. The regression introduced breaks glob() functionality, but does not bypass security restrictions.
Furthermore, "open_basedir" bypass issues are not treated as security sensitive as described at https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This flaw was caused by a third-party vendor patch to the OpenSSL library. This patch has never been used by Red Hat, and this issue therefore does not affect any Fedora, Red Hat, or upstream supplied OpenSSL packages.
This issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4 and 6. This issue was addressed in boost packages in Red Hat Enterprise Linux 5 via RHSA-2012:0305.
This issue did not affect the version of boost as shipped with Red Hat Enterprise Linux 4 and 6. This issue was addressed in boost packages in Red Hat Enterprise Linux 5 via RHSA-2012:0305.
Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support.
Not vulnerable. This issue did not affect versions of MySQL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, Red Hat Application Stack v1, and v2, as they are not built with yaSSL support.
Not vulnerable. These issues did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0414
The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update will address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
We believe this issue is a duplicate of CVE-2007-5360. Not vulnerable. This issue did not affect versions of tog-pegasus as shipped with Red Hat Enterprise Linux 4, or 5. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-5360
Not vulnerable.
This does not affect the versions of Firefox or SeaMonkey shipped in Red Hat Enterprise Linux.
Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, and Red Hat Application Stack v1.
For Red Hat Application Stack v2, this issue was addressed via: https://rhn.redhat.com/errata/RHSA-2008-0505.html
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4. Updated kernel packages are available to correct this issue for Red Hat Enterprise Linux 5:
https://rhn.redhat.com/errata/RHSA-2008-0129.html
Not vulnerable. This issue did not affect the versions of PCRE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-0883
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect versions of pax as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect versions of pcre as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of cups as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux.
For more information please see the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=435420
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1142
This issue does not affect Red Hat Enterprise Linux 3, 4, or 5.
The Red Hat Security Response Team has rated this issue as having low security impact. Due to the minimal security consequences of this issue, we do not intend to fix this in Red Hat Enterprise Linux 2.1. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue was addressed in affected versions of Ruby as shipped in Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0897.html
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1198
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1199
This issue does not affect the default configuration of Dovecot as shipped in Red Hat Enterprise Linux.
The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.
An update to Red Hat Enterprise Linux 5 was released to correct this issue:
https://rhn.redhat.com/errata/RHSA-2008-0297.html
Not vulnerable. This issue did not affect versions of Dovecot as shipped with Red Hat Enterprise Linux 4 or 5.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0612.html
Not vulnerable. This issue did not affect versions of RealPlayer as shipped with Red Hat Enterprise Linux 3 Extras, 4 Extras, or 5 Supplementary.
Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat has re-evaluated the potential impact of this flaw and has released an update which corrects this behavior:
http://rhn.redhat.com/errata/RHSA-2008-0893.html
This issue does not affect the version of libpng as shipped with Red Hat Enterprise Linux 3.
Updates for affected versions of Red Hat Enterprise Linux can be found here:
http://rhn.redhat.com/errata/RHSA-2009-0333.html
Red Hat does not consider this to be a security vulnerability:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1384
Red Hat does not consider this to be a security issue. Properly written applications should not use arbitrary untrusted data as part of the format string passed to functions such as strfmon or printf family functions.
http://rhn.redhat.com/errata/RHSA-2008-0533.html
All openssh versions shipped in Red Hat Enterprise Linux 5 include the patch for this issue.
This issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2005-527.html
Red Hat Enterprise Linux 3 is affected by this issue. The Red Hat Security Response Team has rated this issue as having low security impact. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1483
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 5, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2008-0972.html
Not vulnerable. This issue does not affect the versions of gnupg packages as shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 or 5.
Red Hat does not consider this issue to be a security flaw as SILC is not used in a vulnerable manner in Red Hat Enterprise Linux 4 and 5.
More information can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=440049
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
Red Hat does not consider this libTIFF bug to be a security issue.
This issue did not affect the audit packages as shipped with Red Hat Enterprise Linux 4.
Red Hat is not treating this issue as a security vulnerability for Red Hat Enterprise Linux 5 as no application used the affected interface, and the only result is a controlled application termination as the overflow is detected by the FORTIFY_SOURCE protection mechanism. We plan to address this as a non-security bug fix in updated audit packages for Red Hat Enterprise Linux 5.2.
For further details, please see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-1628
Not vulnerable. These issues did not affect the versions of OpenSSH as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This flaw does not affect the version of wu-ftpd as shipped in Red Hat Enterprise Linux 2.1.
Not vulnerable. This issue did not affect versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect versions of KDE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2, 3, 4, 5 or Red Hat Enterprise MRG.
The bug existed on Red Hat Enterprise Linux 3, 4, and 5. However, this is only a security issue if the SLOB or SLUB memory allocators were used (introduced in Linux kernel versions 2.6.16 and 2.6.22, respectively). All Red Hat Enterprise Linux and Red Hat Enterprise MRG kernels use the SLAB memory allocator, which in this case, cannot be exploited to allow arbitrary code execution. As a preventive measure, the underlying bug was addressed in Red Hat Enterprise Linux 3, 4, and 5, via the advisories RHSA-2008:0973, RHSA-2008:0508, and RHSA-2008:0519, respectively.
Not vulnerable. This issue did not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of mod_ssl or httpd as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 prior to 5.3.
In Red Hat Enterprise Linux 5.3, OpenSSL packages were rebased to upstream version 0.9.8e via RHBA-2009:0181 (https://rhn.redhat.com/errata/RHBA-2009-0181.html), introducing this problem in Red Hat Enterprise Linux 5. Updated httpd packages were released via: https://rhn.redhat.com/errata/RHSA-2009-1075.html
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1679
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
The Red Hat Security Response Team is aware of this new gcc behavior and is currently working to determine what impact these changes will have on the source code processed by the compiler. These changes do not affect Red Hat Enterprise Linux 2, 3, 4, or 5.
Red Hat does not consider this to be a security issue. After careful analysis of this issue the Red Hat Security Response Team has determined that this bug has no security impact outside of expected m4 behavior.
Red Hat does not consider this to be a security issue. After careful analysis of this issue the Red Hat Security Response Team has determined that this bug has no security impact outside of expected m4 behavior.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Not vulnerable. This issue did not affect versions of rsync as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=442005
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Not vulnerable. This issue did not affect the versions of rdesktop as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1891
The risks associated with fixing this flaw outweigh the benefits of the fix. Red Hat does not plan to fix this flaw in Red Hat Enterprise Linux.
Red Hat is aware of this issue affecting Red Hat Enterprise Linux 5 and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1926
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue has been addressed in Red Hat Enterprise Linux 4 with the following update:
https://rhn.redhat.com/errata/RHSA-2009-0981.html
This is not a security flaw in Struts. Struts has never guaranteed to perform filtering of the untrusted user inputs used as HTML tag attribute names or values. If user inputs need to be used as part of the tag attributes, the JSP page needs to perform filtering explicitly. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2025
This issue does not affect the version of PHP shipped in Red Hat Enterprise Linux 2.1, 3, or 4.
We do not consider this issue to be a security flaw for Red Hat Enterprise Linux 5 since no trust boundary is crossed. More information can be found here:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2050
This issue did not affect MySQL as supplied with Red Hat Enterprise Linux 3.
This issue was addressed for Red Hat Enterprise Linux 4, 5, and Red Hat Application Stack v1, v2:
https://rhn.redhat.com/cve/CVE-2008-2079.html
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, 4, and 5 do not ship for the SPARC architecture.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the "AddDefaultCharset" directive.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2168
Not vulnerable. This issue does not affect the version of c++filt as shipped with binutils in Red Hat Enterprise Linux 3 or 4. Although this bug is present in the version of c++filt as shipped with binutils in Red Hat Enterprise Linux 5, the format string protection from FORTIFY_SOURCE makes this unexploitable.
Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. The affected module was only introduced upstream in python 2.5.
This issue does not affect the versions of mtr as shipped with Red Hat Enterprise Linux 4 or 5.
For Red Hat Enterprise Linux 2.1 and 3, this issue can only be exploited if an attacker can convince a victim to use mtr to trace a path to or via an IP address for which the attacker controls the PTR DNS records. Additionally, the victim must run mtr in "split mode" by providing the -p or --split command line options. The Red Hat Security Response Team has therefore rated this issue as having low security impact; a future update may address this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0519.html
Not vulnerable. This issue did not affect the versions of pan as shipped with Red Hat Enterprise Linux 2.1. No other versions of Red Hat Enterprise Linux have shipped Pan.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2364
The Red Hat Security Response Team has rated this issue as having moderate security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Not vulnerable. This issue did not affect the versions of PCRE as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the version of the Xen package as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. OCSP protocol support was only implemented in upstream stunnel version 4.16. Therefore OCSP protocol is not available in the versions of stunnel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
This issue was addressed in fetchmail packages as shipped in Red Hat Enterprise Linux 3, 4, and 5 via:
https://rhn.redhat.com/errata/RHSA-2009-1427.html
Not vulnerable. These issues did not affect the versions of NASM as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, Red Hat Application Stack 1, or Solaris versions of Red Hat Directory Server 7.1 and 8, Certificate System 7.x.
Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. For more details see:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2829
Not vulnerable. This issue did not affect the versions of XChat as shipped with Red Hat Enterprise Linux.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0885.html
Not vulnerable. This issue did not affect the versions of firefox as shipped with Red Hat Enterprise Linux 4 or 5.
This issue was addressed in all affected httpd versions as shipped in Red Hat Enterprise Linux 3, 4, and 5 via: https://rhn.redhat.com/errata/RHSA-2008-0967.html
This issue is tracked via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-2939
The Red Hat Security Response Team has rated this issue as having low security impact; future updates may address this flaw in other affected products (such as Red Hat Application Stack).
Not vulnerable. This issue did not affect the versions of poppler as shipped with Red Hat Enterprise Linux 5, or other PDF parsing applications derived from the xpdf code as shipped in Red Hat Enterprise Linux 2.1, 3, 4, or 5.
According to RealNetworks this flaw does not affect the Linux version of RealPlayer.
According to RealNetworks this issue does not affect the Linux version of RealPlayer.
Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of the Vim packages, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
Note: This CVE is mentioned in the text of RHSA-2008:0580 (https://rhn.redhat.com/errata/RHSA-2008-0580.html), as it was originally used to track multiple issues. Issues that affected Vim packages in Red Hat Enterprise Linux 5 were later assigned a separate CVE identifier, CVE-2008-6235. Neither of the issues currently covered by CVE-2008-3076 (insufficient shell escaping in mz and mc commands) affected Vim packages shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
We do not consider a crash of a client application such as ImageMagick to be a security issue.
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2008-0890.html
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not vulnerable. This issue did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.
Upon investigating this issue, the Red Hat Security Response Team has determined that this is not a vulnerability. The ability to specify a desired role when connecting to OpenSSH is a feature of how OpenSSH interacts with SELinux. Users can only assign themselves SELinux roles which they have permission to access. They cannot assign themselves arbitrary roles.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue can only be exploited during the package build and it does not affect users of pre-built packages distributed with Red Hat Enterprise Linux. Therefore, we do not plan to backport a fix for this issue to already released versions of Red Hat Enterprise Linux 2.1, 3, 4, and 5.
Not vulnerable. This issue did not affect the versions of links as shipped with Red Hat Enterprise Linux 2.1, and versions of elinks as shipped with Red Hat Enterprise Linux 3, 4, or 5. Versions of links / elinks shipped do not support the "only proxies" feature.
Not vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of OpenOffice.org as shipped with Red Hat Enterprise Linux 3, 4, or 5. The updated Red Hat Enterprise Linux packages are not distributed via the openoffice.org update service, but rather via Red Hat Network, using the package manager capabilities to verify authenticity of updates.
Not vulnerable. This issue did not affect the versions of Sun Java packages as shipped with Red Hat Enterprise Linux 4 Extras, or 5 Supplementary. The updated Red Hat Enterprise Linux packages are not distributed via the java.sun.com update service (which is only used for the Windows version of Sun Java), but rather via Red Hat Network, using the package manager capabilities to verify authenticity of updates.
Red Hat does not consider this flaw a security issue. This flaw is not exploitable beyond causing the web browser to crash.
This flaw does not affect the Linux version of RealVNC as shipped in Red Hat Enterprise Linux.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
The uvcvideo driver was first added in kernel packages update RHSA-2009:0225 in Red Hat Enterprise Linux 5.3, and it already contained a fix for this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html
This issue does not affect the versions of the yelp package, as shipped with Red Hat Enterprise Linux 3, 4 and 5.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html
This issue has been addressed in the affected versions of PHP packages shipped in Red Hat Enterprise Linux via advisories listed on the following page: https://rhn.redhat.com/errata/CVE-2008-3658.html
The PHP interpreter does not offer a reliable "sandboxed" security layer (as found in, say, a JVM) in which untrusted scripts can be run; any script run by the PHP interpreter must be trusted with the privileges of the interpreter itself. We therefore do not classify this issue as security-sensitive since no trust boundary is crossed.
This issue has been fixed in the affected Red Hat Enterprise Linux versions via: https://rhn.redhat.com/errata/RHSA-2009-0010.html
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
Not vulnerable. This issue did not affect the version of Xen hypervisor as shipped with Red Hat Enterprise Linux 5, as it does not support XSM.
Not vulnerable. This issue did not affect the versions of neon as shipped with Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html
This issue did not affect the version of pam_krb5 shipped in Red Hat Enterprise Linux 2.1, 3, or 4.
Not vulnerable. This issue did not affect the version of utrace as shipped with the Red Hat Enterprise Linux 5 kernel.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html
Not vulnerable. This issue did not affect the versions of Postfix as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat does not consider this to be a security issue. Since these operations can only be executed by root, no trust boundary is crossed as a result of this behaviour.
Red Hat does not consider this to be a security issue. Since these operations can only be executed by root, no trust boundary is crossed as a result of this behaviour.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html
Not vulnerable. This issue did not affect the versions of the emacs package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue did not affect MySQL as supplied with Red Hat Enterprise Linux 3 or 4.
This issue was addressed for Red Hat Enterprise Linux 5 and Red Hat Application Stack v2:
https://rhn.redhat.com/cve/CVE-2008-3963.html
Not vulnerable. These issues did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of MySQL as shipped with any Red Hat product as the improper fix for CVE-2008-2097 that led to the issuance of this CVE was never used.
This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0110.html and in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1067.html .
In Red Hat Enterprise Linux 5, issue CVE-2008-2079 was fixed without introducing CVE-2008-4098 in https://rhn.redhat.com/errata/RHSA-2009-1289.html .
The risks associated with fixing this bug are greater than the security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1, 3, 4, or 5.
For more information please see our bug for this issue:
https://bugzilla.redhat.com/show_bug.cgi?id=462772
Not vulnerable. This issue did not affect the versions of python as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. The patch used to fix CVE-2006-5051 in Red Hat Enterprise Linux 2.1, 3, 4, and 5 was complete and does not suffer from this problem.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html
Not vulnerable. This flaw does not affect the version of BIND as shipped in Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue has been addressed via: https://rhn.redhat.com/errata/RHSA-2009-0402.html
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not vulnerable. This issue did not affect the versions of rsh-server packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
The glibc ruserok function is used to check users' authorization against rhosts files. That implementation of ruserok never opens /etc/hosts.equiv for superuser.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2008-0957.html
Not vulnerable. This issue did not affect the versions of Samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
We do not consider a crash of a client application such as Konqueror to be a security issue.
Not vulnerable. ndiswrapper is not shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
Not vulnerable. This issue did not affect the versions of libxml2 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
It was addressed in Red Hat Enterprise MRG for RHEL-5 via: https://rhn.redhat.com/errata/RHSA-2008-0857.html
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-4456
This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1289.html and Red Hat Enterprise Linux 4 by https://rhn.redhat.com/errata/RHSA-2010-0110.html .
The Red Hat Security Response Team has rated this issue as having low security impact; future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3 and Red Hat Application Stack 2.
Not vulnerable. This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not Vulnerable. Red Hat Enterprise MRG does not use Xerces-C++ in a manner that is vulnerable to this flaw.
We do not consider a crash of a client application such as Konqueror to be a security issue.
This issue affected Red Hat Enterprise Linux 5 and was addressed by
https://rhn.redhat.com/errata/RHSA-2009-1321.html
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 5.
The manual fencing agent is documented to only be provided for testing purposes and should not be used in production environments. Therefore, there is no plan to fix this flaw in Red Hat Cluster Suite for Red Hat Enterprise Linux 4, and in Red Hat Enterprise Linux 5.
The attacks reported by Outpost24 AB target the design limitations of the TCP protocol. Due to upstream's decision not to release updates, Red Hat do not plan to release updates to resolve these issues; however, the effects of these attacks can be reduced via the mitigation methods as written in http://kbase.redhat.com/faq/docs/DOC-18730.
The versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5 were not affected by this issue.
This issue only affected the version of Linux kernel as shipped with Red Hat Enterprise MRG and was addressed via: https://rhn.redhat.com/errata/RHSA-2009-0009.html
Not vulnerable. This issue did not affect the versions of vim as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html
This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html
This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html
This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html
This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html
This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html
Red Hat does not consider this to be a security flaw. Firefox is handling the ftp:// URL as expected.
This issue can only cause pamperspective to crash when used on specially crafted messages. We do not consider this to be a security issue.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-4865
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Not vulnerable. This issue did not affect the versions of the dovecot package, as shipped with Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the versions of mgetty as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, as they include a patch that resolves this issue.
Not vulnerable. This issue did not affect the versions of OpenOffice.org as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of postfix as shipped with Red Hat Enterprise Linux 3, 4, or 5. The mentioned script is not part of the official postfix distribution and is not included in Red Hat Enterprise Linux postfix packages.
The affected code is not used by any application shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5. The impact of this flaw is limited to a crash of the applications connecting to a misbehaving SMTP server. Due to those reasons, there's currently no plan to include the fix in the imap packages as shipped in Red Hat Enterprise Linux 2.1 and 3, and the libc-client packages as shipped in Red Hat Enterprise Linux 4 and 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
The issue was addressed in the Linux kernel packages as shipped with Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-0053.html
This issue was addressed for Red Hat Enterprise Linux 5 by
https://rhn.redhat.com/errata/RHSA-2009-1287.html
After reviewing the upstream fix for this issue, Red Hat does not intend to address this flaw in Red Hat Enterprise Linux 3 or 4 at this time.
Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5. Versions shipped do not support RSS subscriptions.
Not vulnerable. This issue does not affect the versions of imlib as shipped with Red Hat Enterprise Linux 2.1, 3, or 4.
This issue has been addressed in Wireshark packages as shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2009-0313.html
Not vulnerable. This issue did not affect the versions of dovecot as shipped with Red Hat Enterprise Linux 4 or 5. Those packages do not include a ManageSieve server.
This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.
This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.
The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in Red Hat Enterprise Linux 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-5374
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The affected script is not part of the upstream CUPS distribution, but rather an addition used by Debian-based distributions (and possibly others).
CUPS packages as shipped in Red Hat Enterprise Linux 5 also provide a pstopdf filter. However, that filter is different from the one used in Debian-based distributions, and is unaffected by this flaw.
Additionally, all filters used by CUPS on all versions of Red Hat Enterprise Linux are run under an unprivileged "lp" user, making the root privilege escalation mentioned in the published exploit impossible.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. It only affected the Ubuntu Privacy Remix (UPR) kernel.
Not vulnerable. This issue did not affect the versions of the util-linux packages (providing /bin/login), as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the PA-RISC architecture.
Not vulnerable. This issue did not affect the versions of imap as shipped with Red Hat Enterprise Linux 2.1 and 3, and the versions of libc-client as shipped with Red Hat Enterprise Linux 4 and 5.
Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the version of the rsyslog package, as shipped with Red Hat Enterprise Linux 5.
We do not consider these to be security issues. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider this to be a security issue. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html
The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 5.
Red Hat does not consider a crash of a client application such as Konqueror to be a security issue.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the MIPS architecture.
Red Hat does not consider a crash of a client application such as Konqueror to be a security issue.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0264.html
Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5.
Red Hat does not consider a crash of a client application such as Firefox to be a security issue.
Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5. The security update released to address CVE-2008-4405 (https://rhn.redhat.com/errata/RHSA-2009-0003.html) contained the correct patch, which did not introduce this problem and resolved the original issue.
Red Hat does not consider a crash of a client application such as Firefox to be a security issue.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not vulnerable. This issue did not affect the versions of the php package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, and with Red Hat Application Stack v1 and v2. Only PHP version 5.2.7 was affected by this flaw.
Red Hat does not consider this bug to be a security issue. For a more detailed explanation, please see the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5907
This issue does not affect the versions of the eog package, as shipped with Red Hat Enterprise Linux 3, 4, and 5.
The costs associated with fixing this bug are greater than the posed security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux at this time.
The costs associated with fixing this bug are greater than the posed security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux at this time.
The costs associated with fixing this bug are greater than the posed security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux at this time.
Not vulnerable. Red Hat Enterprise Linux 2.1, 3, 4, and 5 do not ship for the SPARC architecture.
We do not consider a crash of a client application linked to libpng to be a security issue. None of the applications that use libpng are at any risk of causing a denial of service in a meaningful way.
The issue does not affect any Red Hat products as no products ship Struts2/XWork binaries.
Red Hat does not consider this to be a security issue. The misbehaviour of CMAN is triggered by a corrupted / specially crafted cluster.conf configuration file. The ability to edit this file is restricted to the system administrator, therefore no privilege boundary is crossed.
The costs associated with fixing this bug are greater than the posed security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux at this time.
This is not a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-7002#c7
This is not a security issue. A user with read and write access to a file can reasonably be expected to manipulate the contents of the file, including truncating it. Instead of using dba_replace(), a user could simply fopen() the file in write mode, which provides the same end-result.
Not vulnerable. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the versions of nasm as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 as they did not include nfs-export support for tmpfs. A future kernel update in Red Hat Enterprise MRG will address this issue.
This issue was addressed in Red Hat Enterprise Linux 5 and 6 by rebasing Firefox to 10.0.0 ESR.
Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 and Red Hat Enterprise MRG.
This flaw affects most 64-bit architectures, including IBM S/390 and 64-bit PowerPC, but it does not affect x86_64 or Intel Itanium. The risks associated with fixing this flaw are greater than the security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5. Red Hat Enterprise MRG is not affected as it is not supported on 64-bit architectures other than x86_64.
Not vulnerable. Red Hat does not ship the vulnerable backend that causes this flaw.
Red Hat does not consider a crash of a client application such as Firefox to be a security issue.
Not vulnerable. This issue did not affect the versions of hplip as shipped with Red Hat Enterprise Linux 5.
Red Hat does not consider this to be a security issue. M2Crypto provides python interfaces to multiple OpenSSL functions. Neither of those interfaces is further used by M2Crypto in an insecure way. Additionally, no application shipped in Red Hat Enterprise Linux is known to use affected interfaces provided by M2Crypto.
Further details can be found in the following bug report: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127#c1
The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the security risk. We therefore have no plans to fix this flaw in Red Hat Enterprise Linux 4 and 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0179
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:
http://www.redhat.com/security/updates/classification/
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0241
The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update of Red Hat HPC Solution may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Red Hat does not consider this to be a security issue. For more information, please see the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0242
This issue can only result in an OpenOffice.org crash, not allowing arbitrary code execution. Red Hat does not consider a crash of a client application such as OpenOffice.org to be a security issue.
Not vulnerable. This issue did not affect the versions of BIND as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, and Red Hat Enterprise MRG.
This issue does not affect gedit as shipped in Red Hat Enterprise Linux 3 and 4. It does affect gedit in Red Hat Enterprise Linux 5.
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue does not affect xchat for Red Hat Enterprise Linux 3.
This issue does affect xchat for Red Hat Enterprise Linux 4 and 5.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue did not affect vim as shipped in Red Hat Enterprise Linux 3 and 4. This issue is not planned to be fixed in vim packages in Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of the pam_krb5 package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of the pam_krb5 package, as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the version of Squid as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of pam as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5. Only PAM versions 1.x were affected.
This issue was fixed in openssl packages in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1335.html
This issue was fixed in openssl packages in Red Hat Enterprise Linux 3 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0163.html
Not vulnerable. This issue affected OpenSSL CMS functionality which is not present in the openssl packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5.
Red Hat does not consider this to be a security issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0601#c3
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5, or Red Hat Enterprise MRG.
Not vulnerable. This issue was addressed in upstream OpenSSL prior to 0.9.6 and therefore does not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Disputed: The Red Hat Security Response Team have been unable to confirm the existence of this format string vulnerability in the toolkit, and the sample published exploit is not complete or functional.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as the affected driver is not enabled in these kernels by default. The affected driver is enabled by default in Red Hat Enterprise Linux 2.1, 3, 5, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2009-0326.html and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-0360.html .
As Red Hat Enterprise Linux 2.1 and 3 are now in Production 3 of their maintenance life-cycle, http://www.redhat.com/security/updates/errata, and this issue has been rated as having moderate impact, the fix for this issue is not currently planned to be included in the future updates.
The upstream fix for this issue is not backwards compatible and introduces an ABI change not allowed in Red Hat Enterprise Linux. Therefore, there is no plan to address this problem directly in cyrus-sasl packages.
All applications shipped in Red Hat Enterprise Linux and using affected sasl_encode64() function were investigated and patched if their use of the function could have security consequences. See following bug report for further details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0688#c20
This issue affected the dhcp packages as shipped with Red Hat Enterprise Linux 3 and 4. Updated packages to correct this issue are available via Red Hat Network:
https://rhn.redhat.com/errata/CVE-2009-0692.html
This issue did not affect the dhcp packages as shipped with Red Hat Enterprise Linux 5 due to the use of FORTIFY_SOURCE protection mechanism that changes the exploitability of the issue into a controlled application termination.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
This issue was addressed in Red Hat Enterprise Linux 5 by
https://rhn.redhat.com/errata/RHSA-2009-1243.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
This issue was addressed in Red Hat Enterprise Linux 5 by
https://rhn.redhat.com/errata/RHSA-2009-1243.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
This issue was addressed in Red Hat Enterprise Linux 5 by
https://rhn.redhat.com/errata/RHSA-2009-1243.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
This issue was addressed in Red Hat Enterprise Linux 5 by
https://rhn.redhat.com/errata/RHSA-2009-1243.html
Not vulnerable. This issue did not affect the versions of poppler, xpdf, gpdf and kdegraphics as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue is a duplicate of CVE-2009-0166, which was addressed in affected products via following updates: https://rhn.redhat.com/errata/CVE-2009-0166.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0326.html .
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0781
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-0473.html .
Not vulnerable. This issue only affects a small number of operating systems and does not affect the openssl packages as shipped with Red Hat Enterprise Linux 2.1, 3, 4 or 5.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in lcms.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0796
The Red Hat Security Response Team has rated this issue as having moderate security impact, a future mod_perl package update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in squid.
Not vulnerable. This issue did not affect the versions of mysql packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-0451.html .
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG.
Red Hat does not consider this issue to be a security vulnerability. Affected function is only used to parse PAM configuration files and this bug can only be triggered by specific configuration created by the system administrator.
This issue has been addressed in Red Hat Enterprise Linux 4 and 5 via:
https://rhn.redhat.com/errata/RHSA-2009-1484.html
and in Red Hat Application Stack v2 via:
https://rhn.redhat.com/errata/RHSA-2009-1067.html
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-0451.html .
This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG, via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1081.html .
This issue is not planned to be fixed in Red Hat Enterprise Linux 2.1 and 3, due to these products being in Production 3 of their maintenance life-cycles, where only qualified security errata of important or critical impact are addressed.
This issue has been fixed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2009-0427.html . udev packages as shipped in Red Hat Enterprise Linux 4 were not affected by this flaw, as they do not use netlink sockets for communication. udev is not shipped in Red Hat Enterprise Linux 2.1 and 3.
Not vulnerable. This issue did not affect the versions of udev as shipped with Red Hat Enterprise Linux 4, or 5.
This flaw affected JBoss Enterprise BRMS Platform 5.1.0 when run on Sun JDK 1.5.x. It was resolved in JBoss Enterprise BRMS Platform 5.2.0, both by updating spring and by dropping support for Sun JDK 1.5.x.
Red Hat does not consider this to be a security issue. Affected file is supposed to be used to exchange information between local system users, therefore open permissions are intentional.
Red Hat does not consider this to be a security issue. The checks implemented by screen to protect against race condition attacks on /tmp/screen-exchange file provide sufficient protection for this rarely-used buffer exchange feature. For more details, see https://bugzilla.redhat.com/show_bug.cgi?id=492104
https://bugzilla.mozilla.org/show_bug.cgi?id=485941
Red Hat does not consider a user-assisted crash of a client application such as Firefox to be a security issue.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 4, 5, or Red Hat Enterprise MRG, as the affected driver is not enabled in these kernels.
The affected driver is available in Red Hat Enterprise Linux 3, but only if the kernel-unsupported package is installed.
This issue has been rated as having moderate security impact as it does not lead to a denial of service or privilege escalation. As Red Hat Enterprise Linux 3 is now in Production 3 of its maintenance life-cycle, http://www.redhat.com/security/updates/errata, and the affected driver can only be enabled when using the unsupported kernel-unsupported package, a fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5.
This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1. PHP version in Red Hat Application Stack v2 was fixed via: https://rhn.redhat.com/errata/RHSA-2009-0350.html
Not vulnerable. This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1 and v2. This problem was introduced in the fix for CVE-2008-5658. Patch for CVE-2008-5658 as used in Red Hat Application Stack v2 also includes the fix for this crash.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1284
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of ecryptfs-utils as shipped with Red Hat Enterprise Linux 5. eCryptfs encrypted home directories are not set up during the system installation, so there's no possibility for leaking encryption passwords to the installation log file.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include upstream commit 7c73a6fa that introduced the problem.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1081.html .
This flaw was caused by a C2Net specific patch added to Apache http_log.c in Stronghold 2.3.
C2Net Stronghold 2.3 reached end of life for updates on October 31st 2000.
http://www.awe.com/mark/history/stronghold.html
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG.
This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html
Note that both the DTLS specification and OpenSSL's implementation are still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl.
This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html
Note that both the DTLS specification and OpenSSL's implementation are still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl.
This issue did not affect versions of openssl as shipped in Red Hat Enterprise Linux 3 and 4. This issue was addressed for Red Hat Enterprise Linux 5 by http://rhn.redhat.com/errata/RHSA-2009-1335.html
Note that both the DTLS specification and OpenSSL's implementation are still in development and unlikely to be used in production environments. There is no component shipped in Red Hat Enterprise Linux 5 using OpenSSL's DTLS implementation, except for OpenSSL's testing command line client - openssl.
Not vulnerable. This issue did not affect the versions of squirrelmail as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Updates for squirrelmail released via RHSA-2009:1066 (https://rhn.redhat.com/errata/RHSA-2009-1066.html) fixed original flaw CVE-2009-1579 without introducing CVE-2009-1381.
This issue did not affect the versions of the pam_krb5 packages, as shipped with Red Hat Enterprise Linux 3 and 4. The issue was addressed in the pam_krb5 packages as shipped with Red Hat Enterprise Linux 5 via:
https://rhn.redhat.com/errata/RHSA-2010-0258.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise 5 via: https://rhn.redhat.com/errata/RHSA-2009-1193.html
Not vulnerable. This issue did not affect the versions of mutt as shipped with Red Hat Enterprise Linux 3, 4, or 5. Only mutt version 1.5.19 was affected by this flaw.
Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.
Not vulnerable. This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5 as it only affected gnutls 2.6.x versions.
The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 4, or 5.
For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1417
The impact of this flaw is limited to application crash, not allowing code execution. Red Hat does not consider a user-assisted crash of a client application such as media players using GStreamer framework to be a security issue.
For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1438
Based on our analysis this issue does not have a security consequence and does not lead to a buffer overflow or denial of service. For more details of our technical evaluation see https://bugzilla.redhat.com/show_bug.cgi?id=499252#c18
Not vulnerable. This issue did not affect the versions of libmodplug embedded in gstreamer-plugins as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for the PAT file type.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG.
This CVE entry is a duplicate of CVE-2009-0689 and has been rejected; please refer to that CVE entry for additional product fixes and information.
Not vulnerable. This issue did not affect the versions of zebra as shipped with Red Hat Enterprise Linux 2.1, and the versions of quagga as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3.
It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1157.html .
Red Hat does not consider this to be a security issue. By default, user home directories are created with mode 0700 permissions, which would not expose the ~/.evolution/ directory regardless of its own permissions.
If a user intentionally relaxes permissions on their home directory, they should be auditing all files and directories in order to not expose unwanted files to other local users.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, and 3.
It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2009-1211.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1157.html .
Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of the kdelibs packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2009-1132.html and https://rhn.redhat.com/errata/RHSA-2009-1106.html .
This issue did not affect kernel packages as shipped in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 1.
It was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2009-1438.html .
This issue has been rated as having moderate security impact.
It is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.
For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1885
The Red Hat Security Response Team has rated this issue as having low security impact, a future xerces-c packages update in Red Hat Enterprise MRG 1.1 may address this flaw.
Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect Red Hat Enterprise Linux 3.
It was addressed in Red Hat Enterprise Linux 4 and 5 via RHSA-2009:1529:
https://rhn.redhat.com/errata/RHSA-2009-1529.html
Not vulnerable. Red Hat Enterprise Linux 3, 4, and 5 provide earlier versions of ISC DHCP which are not vulnerable to this issue.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-1897
The flaw only affects the Red Hat Enterprise Linux 5.4 beta kernel, which includes a backport of the upstream bug fix introducing this flaw (git commit 33dccbb0). This issue did not affect the final released Red Hat Enterprise Linux 5.4 kernel. It is also possible to mitigate this flaw by ensuring that the permissions for /dev/net/tun are restricted to root only.
This issue does not affect any other released kernel in any Red Hat product.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the SPARC64 architecture.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1157.html
This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.
Not vulnerable. This issue did not affect the versions of openoffice.org and openoffice.org2 packages as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of stardict as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5, and Red Hat Enterprise MRG.
This flaw does not affect Red Hat JBoss Enterprise Application Platform 5 or 6. Older versions of the community JBoss Application Server 5.x may be affected.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG did not include support for eCryptfs, and therefore are not affected by this issue.
Red Hat Enterprise Linux 5 was vulnerable to this issue and was addressed via: https://rhn.redhat.com/errata/RHSA-2009-1193.html
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG did not include support for eCryptfs, and therefore are not affected by this issue.
Red Hat Enterprise Linux 5 was vulnerable to this issue and was addressed via: https://rhn.redhat.com/errata/RHSA-2009-1193.html
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2446
This issue was addressed for Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1289.html and Red Hat Enterprise Linux 4 by https://rhn.redhat.com/errata/RHSA-2010-0110.html .
The Red Hat Security Response Team has rated this issue as having low security impact, future MySQL package updates may address this flaw for Red Hat Enterprise Linux 3 and Red Hat Application Stack 2.
Red Hat does not consider a user-assisted crash of a client application such as Konqueror to be a security issue.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html
Vectors (1) Bluetooth L2CAP and (3) MIOP did not affect the versions of the Wireshark package, as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG.
Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of gzip as shipped with Red Hat Enterprise Linux 3, 4, or 5. It was corrected in the versions of gzip as shipped with Red Hat Enterprise Linux 6.0 and later.
Red Hat does not consider this flaw to be a security issue. The bug can only be triggered by the PHP script author, which does not cross trust boundary.
This issue was addressed in php packages shipped in Red Hat Enterprise Linux 3, 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2010-0040.html
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-2688
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
The Red Hat Security Response Team has rated this issue as having moderate security impact.
We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, and 5 as it is not possible to trigger the information leak if the suid_dumpable tunable is set to zero (which is the default).
It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1540.html
Red Hat is aware of this issue. Please see http://kbase.redhat.com/faq/docs/DOC-18065.
Updates for Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG to correct this issue are available: https://rhn.redhat.com/cve/CVE-2009-2692.html
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2693
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue has been addressed in JBoss Enterprise Web Server 1.0.1: https://rhn.redhat.com/errata/RHSA-2010-0119.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG. Updates for Red Hat Enterprise Linux 3, 4 and 5 to correct this issue are available: https://rhn.redhat.com/cve/CVE-2009-2698.html
This flaw does not affect the version of APR shipped in Red Hat Enterprise Linux.
This flaw affected JBoss Enterprise Web Server running on the Solaris platform. Updated httpd packages are available for download from Customer Support Portal.
Not vulnerable. This issue did not affect the versions of qt and qt4 as shipped with Red Hat Enterprise Linux 3, 4, or 5. Affected code was introduced upstream in version 4.3.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2702
This issue did not affect kdelibs packages as shipped in Red Hat Enterprise Linux 3 and 4.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of ia32el as shipped with Red Hat Enterprise Linux 3, 4 or 5.
Not vulnerable. This issue only affected kernels version 2.6.28-rc1 and later.
Therefore this issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for flat binary support, and additionally this issue only affected kernels version 2.6.29-rc1 and later.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG.
Please note this issue only affected Linux kernel versions after v2.6.30-rc1 and was fixed in v2.6.31-rc6.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the PA-RISC architecture.
This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG:
http://rhn.redhat.com/cve/CVE-2009-2847.html
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2849
The flaw was introduced in kernel version 2.6.17-rc1. The Linux kernels as shipped with Red Hat Enterprise Linux 3 and 4 are not affected by this issue.
It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1540.html
A future kernel update for Red Hat Enterprise Linux 5 will address this flaw.
This issue did not affect the versions of the squid packages, as shipped with Red Hat Enterprise Linux 3 and 4.
The issue was addressed in the squid packages as shipped with Red Hat Enterprise Linux 5 via:
https://rhn.redhat.com/errata/RHSA-2010-0221.html
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2901
This issue did not affect Tomcat versions running on Linux or Solaris systems.
This issue is fixed in the tomcat5 and tomcat6 packages released with JBoss Enterprise Web Server 1.0.1 for Windows.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2902
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
This issue has been addressed in JBoss Enterprise Web Server 1.0.1: https://rhn.redhat.com/errata/RHSA-2010-0119.html
Red Hat is aware of this issue. Please see http://kbase.redhat.com/faq/docs/DOC-19077
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5, as the affected driver is not enabled in these kernels. The affected driver is available in Red Hat Enterprise MRG. It is also available in Red Hat Enterprise Linux 3, but only if the kernel-unsupported package is installed. Future kernel updates in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG will address this issue.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG do not include support for eCryptfs, and therefore are not affected by this issue.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1548.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, or Red Hat Enterprise MRG, as the affected driver is not enabled in these kernels.
The affected driver is available in Red Hat Enterprise Linux 3, but only if the kernel-unsupported package is installed.
A future kernel update in Red Hat Enterprise Linux 3 may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-2910
It has been rated as having moderate security impact.
It was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1671.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed.
For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for PF_LLC sockets in the Linux kernels.
CVE-2009-3002 describes a collection of similar information leaks that affect numerous networking protocols.
The Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 did not enable support for the AppleTalk DDP protocol, and therefore were not affected by issue (1). It was addressed in Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1550.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively.
The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG did not enable support for IrDA sockets, and therefore were not affected by issue (2). It was addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not enable support for the Acorn Econet and AUN protocols, and therefore were not affected by issue (3).
The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG did not enable support for the NET/ROM and ROSE protocols, and therefore were not affected by issues (4) and (5). They were addressed in Red Hat Enterprise Linux 3 via: https://rhn.redhat.com/errata/RHSA-2009-1550.html
The raw_getname() leak was introduced in the Linux kernel version 2.6.25-rc1. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG therefore were not affected by issue (6).
Not vulnerable. This issue did not affect the versions of pidgin as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat has released updates to correct this issue:
https://rhn.redhat.com/errata/RHSA-2009-1453.html
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG, as they do not contain a backport of the tty ldisc rewrite (upstream commits 65b770468e98 and cbe9352fa08f).
Not vulnerable. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the versions of Pidgin packages, as shipped with Red Hat Enterprise Linux 3, 4, or 5.
List of the errata fixing this flaw in affected products can be found at:
https://www.redhat.com/security/data/cve/CVE-2009-3094.html
List of the errata fixing this flaw in affected products can be found at:
https://www.redhat.com/security/data/cve/CVE-2009-3095.html
Not vulnerable. This issue did not affect the versions of libsilc as shipped with Red Hat Enterprise Linux 4 or 5.
This issue was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1522.html , https://rhn.redhat.com/errata/RHSA-2009-1548 and https://rhn.redhat.com/errata/RHSA-2009-1540 respectively.
It has been rated as having moderate security impact and is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.
For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5.
In PostgreSQL versions prior to 8.2, only a database administrator was able to LOAD additional plugins and use them to cause a server crash. However, this does not bypass a trust boundary, so it is not a security flaw for older PostgreSQL versions. Additionally, no plugins are shipped in Red Hat PostgreSQL packages by default.
This issue was addressed in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1461.html .
Not vulnerable. This issue did not affect the versions of PostgreSQL as shipped with Red Hat Enterprise Linux 3, 4, or 5, as they do not support LDAP authentication, which was introduced upstream in version 8.2.
This issue was addressed in Red Hat Application Stack v2 via https://rhn.redhat.com/errata/RHSA-2009-1461.html .
Not vulnerable. This issue only affected kernels version v2.6.31-rc1 and later. Therefore this issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This vulnerability was introduced into the Linux kernel in version 2.6.30-rc1 via upstream commit 2a519311, and therefore does not affect users of Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG.
It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1548.html
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. This issue was introduced by upstream commit 10db10d1, and only affected kernels version 2.6.28-rc1 and later.
Not vulnerable. This issue does not affect the versions of glib2 as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-3290
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as KVM (Kernel-based Virtual Machine) is only supported in Red Hat Enterprise Linux 5. A future kernel update in Red Hat Enterprise Linux 5 will address this flaw.
This problem is not a security flaw in the PHP versions 4.3.5 and later. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3293
PHP versions shipped in Red Hat Enterprise Linux 4 and 5 do not need this fix. We do not plan to address this flaw in Red Hat Enterprise Linux 3.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of libtheora as shipped with Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555
Additional information can be found in the Red Hat Knowledgebase article:
http://kbase.redhat.com/faq/docs/DOC-20491
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit d025c9db that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via the RHBA-2008:0314 update. The issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
The Red Hat Security Response Team does not currently plan to fix this flaw in MRG.
Not vulnerable. This issue did not affect the version of poppler as shipped with Red Hat Enterprise Linux 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2009-3612
This issue has been rated as having moderate security impact.
It was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively.
A future kernel update in Red Hat Enterprise Linux 4 will address this flaw.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.
For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-3621
This issue has been rated as having moderate security impact.
It was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1671.html , https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1540.html respectively.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.
For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, or Red Hat Enterprise MRG. Those versions do not include the upstream patch that introduced this vulnerability.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, or Red Hat Enterprise MRG. Those versions do not include the upstream patch that introduced this vulnerability.
Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue does not affect Red Hat Enterprise Linux 3, 4, or 5.
This flaw can only lead to a denial of service if perl-HTML-Parser is used in conjunction with perl 5.10.1. If perl-HTML-Parser is used with earlier versions of perl, this flaw does not lead to a denial of service.
Not vulnerable. This issue did not affect the versions of KVM as shipped with Red Hat Enterprise Linux 5. KVM is only supported on AMD64/x86_64 architecture on Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of KVM as shipped with Red Hat Enterprise Linux 5 as it does not contain the patch that introduced this vulnerability (upstream commit f0a3602c).
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3722
The Red Hat Security Response Team has rated this issue as having moderate security impact; a future update will address this flaw.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG, as they do not include the upstream change introducing this flaw.
The Linux kernel as shipped with Red Hat Enterprise Linux 3 did not have support for NFSv4, and therefore is not affected by this issue. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0474.html, https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of mutt as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue was addressed in the openldap packages as shipped with Red Hat Enterprise Linux 5 and 4 via: https://rhn.redhat.com/errata/RHSA-2010-0198.html and https://rhn.redhat.com/errata/RHSA-2010-0543.html respectively.
The Red Hat Security Response Team has rated this issue as having moderate security impact; a future openldap update may address this flaw in Red Hat Enterprise Linux 3.
The affected versions of Wireshark as shipped in Red Hat Enterprise Linux 3, 4, and 5 were fixed via: https://rhn.redhat.com/errata/RHSA-2010-0360.html
Not vulnerable. The Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not have MMU disabled, and therefore are not affected by this issue.
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3, as it does not implement the sysfs file system ("/sys/"), through which dbg_lvl file is exposed by the megaraid_sas driver.
This issue was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0076.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.
Not vulnerable. This issue did not affect the versions of libexif as shipped with Red Hat Enterprise Linux 4 or 5.
This issue did not affect the version of dovecot shipped with Red Hat Enterprise Linux 6.
Vulnerable. This issue affects gimp packages in Red Hat Enterprise Linux 4 and 5. This issue does not affect gimp package in Red Hat Enterprise Linux 6.
Not vulnerable. This issue did not affect the versions of poppler as shipped with Red Hat Enterprise Linux 5.
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3, as it does not implement the sysfs file system ("/sys/"), through which poll_mode_io file is exposed by the megaraid_sas driver.
This issue was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0076.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as KVM (Kernel-based Virtual Machine) is only supported in Red Hat Enterprise Linux 5.
Red Hat Enterprise Linux 5 is not vulnerable to this issue because it does not include the change that introduced this buffer overflow vulnerability.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 5, and Red Hat Enterprise MRG did not include support for the HiSax ISDN driver for Colognechip HFC-S USB chip, and therefore were not affected by this issue.
This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0076.html
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise MRG as the affected driver is not enabled in this kernel.
It was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0076.html and https://rhn.redhat.com/errata/RHSA-2010-0046.html respectively.
Red Hat Enterprise Linux 3 is now in Production 3 of the maintenance life-cycle, http://www.redhat.com/security/updates/errata, and this issue is rated as having low impact, therefore the fix for this issue is not currently planned to be included in the future updates.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-4021
The Linux kernel packages as shipped with Red Hat Enterprise Linux 3 and 4 do not include support for FUSE, and therefore are not affected by this issue.
It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html
A future kernel update for Red Hat Enterprise MRG will address this flaw.
While this flaw exists in all 9.x versions, we do not plan to release bind updates for Red Hat Enterprise Linux 3 and 4 including this fix. The version of bind shipped in those products is 9.2.4, which has an older DNSSEC implementation, which is incompatible with currently used DNSSEC version and can not be used to secure communication with current public internet DNS servers.
This flaw does not introduce additional risks to bind installations that are not using DNSSEC, as a successful attack requires bypass of other cache poisoning protections (such as random query source ports and transaction ids). This flaw only allows for the bypass of protection provided by DNSSEC.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commits d75636ef and d92684e6 that introduced the problem.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2009-4027
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they do not have support for the mac80211 framework.
It did not affect the version of the Linux kernel as shipped with Red Hat Enterprise MRG as they do not include the upstream patch that introduced this vulnerability.
A future update will address this flaw in Red Hat Enterprise Linux 5.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4029
This issue was addressed in the automake, automake14, automake15, automake16 and automake17 packages as shipped with Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0321.html
The Red Hat Security Response Team has rated this issue as having low security impact; there is no plan to address this flaw in automake packages in Red Hat Enterprise Linux 3 and 4.
This issue is only security-relevant in PostgreSQL versions 8.4 and later as previous versions did not compare the connection host name with the certificate CommonName at all. Client certificate authentication was introduced in version 8.4. Red Hat Enterprise Linux 5 and earlier provided PostgreSQL versions 8.1.x and earlier, and are thus not affected by this issue.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as the affected code has been removed. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of ruby as shipped with Red Hat Enterprise Linux 5 and 6 as it did not affect the Ruby 1.8 series.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Those versions do not include the upstream patch that introduced this vulnerability.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
This issue does not affect users using coreutils binary RPMs, or rebuilding source RPMs. Therefore, we do not plan to release updates addressing this flaw on Red Hat Enterprise Linux 3, 4 and 5.
For additional details, refer to the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4135
This issue was addressed in Red Hat Enterprise Linux 3 via
https://rhn.redhat.com/errata/RHSA-2010-0427.html
This issue was addressed in Red Hat Enterprise Linux 4 via
https://rhn.redhat.com/errata/RHSA-2010-0428.html
This issue was addressed in Red Hat Enterprise Linux 5 via
https://rhn.redhat.com/errata/RHSA-2010-0429.html and https://rhn.redhat.com/errata/RHSA-2010-0430.html
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2009-4138
The Linux kernel packages as shipped with Red Hat Enterprise Linux 3 and 4 have a different (and older) implementation of the driver for OHCI 1394 controllers, which is not affected by this issue.
It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html
A future kernel update for Red Hat Enterprise MRG will address this flaw.
Vulnerable. This issue has been addressed in Red Hat Network Satellite Server v 5.4.1 via RHSA-2011:0879 https://rhn.redhat.com/errata/RHSA-2011-0879.html. This issue is not planned to be fixed in Red Hat Network Satellite Server version 5.3.0.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit 233e70f4 that introduced the problem.
It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-4227
The Red Hat Security Response Team has rated this issue as having moderate security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-4228
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Red Hat considers this to be a duplicate of the CVE-2009-4033, rather than a separate issue. For further details, see: https://bugzilla.redhat.com/show_bug.cgi?id=542926#c10
Not vulnerable. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This security issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 3, 5 and Red Hat Enterprise MRG. This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0146.html.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commits c6153b5b and 1080d709 that introduced the problem.
It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0046.html
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2009-4307
The Linux kernel packages as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG do not include support for EXT4, and therefore are not affected by this issue.
A future kernel update for Red Hat Enterprise Linux 5 will address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2009-4308
The Linux kernel packages as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG do not include support for EXT4, and therefore are not affected by this issue. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0147.html.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit 59efec7b that introduced the problem.
Not vulnerable. This issue did not affect the versions of acl as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat does not consider this to be a security flaw. For further details, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-4418
Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5. The packages use OpenSSL and not yaSSL.
Not vulnerable. This issue did not affect the versions of Thunderbird as shipped with Red Hat Enterprise Linux 4 and 5, and Seamonkey as shipped with Red Hat Enterprise Linux 3 and 4.
Not vulnerable. This issue did not affect the versions of Firefox, Thunderbird, or Seamonkey as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of gnome-screensaver as shipped with Red Hat Enterprise Linux 5.
Red Hat does not consider this bug to be a security issue. A properly written application should not use arbitrary untrusted data as part of the format string passed to functions such as strfmon or the printf family of functions.
Red Hat does not consider this bug to be a security issue. A properly written application should not use arbitrary untrusted data as part of the format string passed to functions such as strfmon or the printf family of functions.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5. This issue was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0161.html.
Not vulnerable. This issue did not affect the versions of pcsc-lite as shipped with Red Hat Enterprise Linux 5.
This flaw did not affect libtiff as shipped in Red Hat Enterprise Linux 4 or 5. The OJPEG decoder is disabled in those distributions.
Not vulnerable. This issue did not affect the versions of groff as shipped with Red Hat Enterprise Linux 4, 5, or 6.
These flaws do not affect any version of libpng shipped with Red Hat Enterprise Linux.
Not vulnerable. This issue did not affect the versions of groff as shipped with Red Hat Enterprise Linux 4, 5, or 6.
The Red Hat Security Response Team has rated this issue as having low security impact because it can only be exploited during package compilation. We do not currently plan to fix this flaw.
Not vulnerable. This issue did not affect the versions of groff as shipped with Red Hat Enterprise Linux 4, 5, or 6.
The Red Hat Security Response Team has rated this issue as having low security impact because it can only be exploited during package compilation. We do not currently plan to fix this flaw.
This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 6.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-0003
This issue has been rated as having moderate security impact.
A future update in Red Hat Enterprise MRG may address this flaw. This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0146.html and https://rhn.redhat.com/errata/RHSA-2010-0147.html respectively.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.
For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not have support for network namespaces, and did not include upstream commit 483a47d2 that introduced the problem.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-0007
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, as it did not include support for ebtables. This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0146.html and https://rhn.redhat.com/errata/RHSA-2010-0147.html respectively. A future update in Red Hat Enterprise MRG may address this flaw.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has already had the fix to this issue. This was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0146.html and https://rhn.redhat.com/errata/RHSA-2010-9419.html respectively.
This issue does not affect the Apache HTTP Server versions 2 and greater. This flaw does not affect any supported versions of Red Hat Enterprise Linux.
This flaw does affect Red Hat Network Proxy and Red Hat Network Satellite. While those products do not use this feature, we are tracking the issue with the following bug:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0010
The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to address this flaw on Red Hat Enterprise Linux 4 and 5. This issue does not affect Red Hat Enterprise Linux 6.
Not vulnerable. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
Not vulnerable. This issue did not affect the versions of openoffice.org as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.
Not vulnerable. This issue did not affect the versions of the bind as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of bind package as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue was addressed for Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0115.html
We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the MSN protocol support in the provided version of Pidgin (1.5.1) is out-dated and no longer supported by MSN servers. There are no plans to backport MSN protocol changes for that version of Pidgin.
Not vulnerable. This issue did not affect the versions of MIT Kerberos 5 as shipped with Red Hat Enterprise Linux 3, 4 or 5. Those versions do not contain the vulnerable code that was introduced in krb5 1.7.
Not vulnerable. This issue did not affect the versions of gnome-screensaver as shipped with Red Hat Enterprise Linux 5 or 6.
The risks associated with fixing this bug are greater than the important severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 and 4. This issue was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0504.html and https://rhn.redhat.com/errata/RHSA-2010-0161.html.
Not vulnerable. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include support for Devtmpfs, and therefore are not affected by this issue.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-0307.
This issue has been rated as having moderate security impact.
This issue was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0146.html. Future updates in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.
For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0308
This issue was addressed in the squid packages as shipped with Red Hat Enterprise Linux 5 via:
https://rhn.redhat.com/errata/RHSA-2010-0221.html
The Red Hat Security Response Team has rated this issue as having low security impact, a future squid update may address this flaw in Red Hat Enterprise Linux 3 and 4.
This issue did not affect Red Hat Enterprise Linux 3 and 4 due to the lack of localization in lppasswd as provided in those releases.
The affected code is present in Red Hat Enterprise Linux 5, however lppasswd is not shipped setuid so is not vulnerable to this issue. If a user were to enable the setuid bit on lppasswd, the impact would only be a crash of lppasswd due to use of FORTIFY_SOURCE protections. Therefore, there are no plans to correct this issue in Red Hat Enterprise Linux 5.
This issue was addressed in the php packages as shipped with Red Hat Enterprise Linux 4 and 5 via: https://rhn.redhat.com/errata/RHSA-2010-0919.html
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-0410.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for kernel connectors. Future updates in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for sys_move_pages. It was only introduced in kernel version 2.6.18 onwards. This issue was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0147.html and https://rhn.redhat.com/errata/RHSA-2010-0161.html.
The Red Hat Security Response Team has rated this issue as having low security impact.
For Red Hat Enterprise Linux 4 and 5, this issue was addressed via https://rhn.redhat.com/errata/RHSA-2010-0115.html
We currently have no plans to fix this flaw in Red Hat Enterprise Linux 3 as the issue only causes Pidgin client to become unresponsive or crash.
This issue was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0122.html
It did not affect the versions of the sudo package as shipped with Red Hat Enterprise Linux 3 and 4.
This issue was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0122.html
It did not affect the versions of the sudo packages as shipped with Red Hat Enterprise Linux 3 and 4.
The CVE-2010-0430 issue was fixed in the kvm packages for Red Hat Enterprise Linux 5 via RHSA-2010:0271, and fixed in the rhev-hypervisor package via RHSA-2010:0476. This CVE was not disclosed at the time the errata were released; therefore, it was not mentioned in them.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0434
This issue was fixed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2010-0168.html
This issue was fixed in Red Hat Enterprise Linux 4 via: https://rhn.redhat.com/errata/RHSA-2010-0175.html
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw on Red Hat Enterprise Linux 3. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-0437.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for Optimistic Duplicate Address Detection (DAD) in IPv6. This was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-9419.html. A future update in Red Hat Enterprise MRG may address this flaw.
Not vulnerable. This issue did not affect the versions of fetchmail as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-0622.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for priority-inheriting futex. Future updates in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw.
Not vulnerable. This security issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not include the upstream change that introduced this flaw.
Not vulnerable. This flaw does not affect MIT krb5 as provided in Red Hat Enterprise Linux 3, 4, and 5.
Not vulnerable. This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. Those versions are not compiled with the support for HTCP protocol.
Not vulnerable. Apache ActiveMQ is not shipped with any supported Red Hat products.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-0727.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG, as it did not include support for the GFS and GFS2 file systems.
For the GFS issue, it was addressed in Red Hat Enterprise Linux 3 in the gfs package, 4 in the GFS-kernel package, and 5 in the gfs-kmod package, via https://rhn.redhat.com/errata/RHSA-2010-9493.html, https://rhn.redhat.com/errata/RHSA-2010-9494.html, https://rhn.redhat.com/errata/RHSA-2010-0291.html respectively.
For the GFS2 issue, it was addressed in Red Hat Enterprise Linux 5 in the kernel package via https://rhn.redhat.com/errata/RHSA-2010-0178.html.
Not vulnerable.
This issue did not affect the versions of the samba package, as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the version of the samba3x package, as shipped with Red Hat Enterprise Linux 5.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-0729.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 5 or Red Hat Enterprise MRG, as they do not include the internal change introducing this flaw. A future update in Red Hat Enterprise Linux 4 may address this flaw.
This issue was fixed by a patch to JBoss Operations Network 2.3.1, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=1983&product=em&version=2.3.1&downloadType=securityPatches
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not backport an out-of-tree drbd module (drbd8).
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2010-0789
This issue affects Red Hat Enterprise Linux 5 because it ships fusermount suid root, however the impact of this flaw is minimized due to the fact that only members in group fuse may use it; the executable is owned root:fuse and mode 4750.
Red Hat Enterprise Linux 3 and 4 do not provide the fuse package.
Not vulnerable. This issue does not affect the versions of emacs or xemacs as shipped with Red Hat Enterprise Linux. The movemail utility in Red Hat Enterprise Linux does not have the setgid bit set, which is required for this flaw to be exploitable.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue was addressed in Samba packages in Red Hat Enterprise Linux 5. It did not affect Samba packages in Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this issue as having low security impact. There is no plan to address this flaw in Red Hat Enterprise Linux 4.
To prevent this issue, disable "wide links" or "unix extensions" in the Samba configuration file (/etc/samba/smb.conf) and restart smbd (service smb restart). Disabled "wide links" ensure that remote Samba clients will not have wide symbolic links (links pointing outside of the shared directory) resolved on the server side when processing requests from a client that does not support UNIX extensions. Disabled "unix extensions" prevents creation of wide links by malicious clients which support UNIX extensions. For further information, please view http://www.samba.org/samba/news/symlink_attack.html
CVE-2010-0928 describes a fault-based attack on OpenSSL where an attacker has precise control over the target system environment in order to be able to introduce faults through power supply manipulation.
The attack is not a viable threat to OpenSSL as used in Red Hat products. The Red Hat Security Response Team has rated this issue as having low security impact and we do not intend to issue updates to address it.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1083
This issue has been rated as having low security impact.
A future update in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG may address this flaw. This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed.
For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1084
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise 3 and 4, as it did not use sysfs files. A future update in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1085
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and Red Hat Enterprise MRG as they did not include the affected function. A future update in Red Hat Enterprise Linux 4 and 5 may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1086
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for ULE (Unidirectional Lightweight Encapsulation). We have included a fix for this issue in Red Hat Enterprise Linux 4 and 5 however the affected module is not built by default. This issue was addressed in Red Hat Enterprise MRG via http://rhn.redhat.com/errata/RHSA-2010-0631.html.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1087
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include the upstream commit 150030b7 that had introduced the problem. A future update in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1088
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as this issue only affects kernel version 2.6.18 and onwards. A future update in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/show_bug.cgi?id=577582
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider safe_mode / open_basedir restriction bypass issues being security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Not vulnerable. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include support for reiserfs and therefore are not affected by this issue.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for POSIX opens on lookup.
The risks associated with fixing this flaw are greater than the low severity security risk. We therefore have no plans to fix this flaw. The information leak can be avoided by adjusting the configuration to always specify a realm-name.
The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.
This issue was corrected in Red Hat Enterprise Linux 6 prior to its initial release.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates for this or earlier releases. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue was corrected in Red Hat Enterprise Linux 6 prior to its initial release.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates for this or earlier releases. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 as they did not include upstream commit ab521dc0 that introduced the problem. This issue was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0631.html.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1173.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. Future kernel updates in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG may address this flaw.
For more information, please see http://kbase.redhat.com/faq/docs/DOC-31052.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1187.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for Transparent Inter-Process Communication Protocol (TIPC). A future kernel update in Red Hat Enterprise Linux 5 may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1188
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise MRG, as it was fixed since version v2.6.20-rc6. It was addressed in Red Hat Enterprise Linux 5 in the kernel package via https://rhn.redhat.com/errata/RHSA-2010-0178.html. A future update in Red Hat Enterprise Linux 3 and 4 may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. Apache ActiveMQ is not shipped with any supported Red Hat products.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect Red Hat Enterprise Linux 3, 4, or 5. It was addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2010-0863.html.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4 and 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the GFS2 file system.
A future kernel update in Red Hat Enterprise Linux 5 will address this issue.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3. Future kernel updates in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG will address this issue.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for KGDB, a debugger for the Linux kernel.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Red Hat does not provide support for the Linux kernel on the SPARC architecture.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG did not include upstream commit 28b83c51 (v2.6.32-rc1) that introduced the problem.
Not vulnerable. Apache ActiveMQ is not shipped with any supported Red Hat products.
Not vulnerable. These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the versions of the SpringSource Spring Framework, as shipped with JBoss Enterprise Application Platform v4.2.0, v4.3.0, or v.5.0.0.
The Red Hat Security Response Team has rated this issue as having low security impact, a future pidgin package update may address this flaw in Red Hat Enterprise Linux 3, 4, and 5.
Not vulnerable. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. These issues did not affect the versions of samba as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for Btrfs, a new copy on write filesystem.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-1641.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the GFS2 file system.
A future kernel update in Red Hat Enterprise Linux 5 will address this issue.
Red Hat does not consider this to be a security flaw. This issue can cause smbd per-connection child process crash, resulting in the termination of an attacker's connection. Availability of the smb service is not impacted.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 as they did not include nfs-export support for tmpfs. A future kernel update in Red Hat Enterprise MRG will address this issue.
Vulnerable. This issue affects quagga packages in Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw for Red Hat Enterprise Linux 3 and 4 mysql packages.
This issue was fixed in mysql packages shipped with Red Hat Enterprise Linux 5 via RHSA-2012:0127. The mysql packages in Red Hat Enterprise Linux 6 include this fix since the initial release of the product.
These issues did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, or 4.
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, as well as the versions of php53 as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of ghostscript as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The issue does not affect any Red Hat products as no products ship Struts2/XWork binaries.
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed.
For further information about the Errata Support Policy, visit: http://www.redhat.com/security/updates/errata
This issue has been addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2010-0428.html
This issue has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0429.html and https://rhn.redhat.com/errata/RHSA-2010-0430.html
There is no plan to address this issue in the PostgreSQL packages as shipped with Red Hat Enterprise Linux 3.
The Red Hat Security Response Team does not consider a user assisted denial of service (and potential crash) of end user application, such as Firefox, to be a security issue.
The Red Hat Security Response Team has rated this issue as having low security impact. By default, /var/spool/mail/ is not provided with permissions to make an attack scenario possible, and there is no reason for permissions to be relaxed in such a way as to make it possible. We therefore have no plans to fix this flaw in Red Hat Enterprise Linux 4 or 5.
The Red Hat Security Response Team has rated this issue as having low security impact. While support for the MBX mailbox format is compiled into Exim, it is not used by default. MBX mailboxes are only useful when used with UW-IMAP or the Pine mail client, neither of which are provided with Red Hat Enterprise Linux. If the MBX format is used, this issue can be worked around by specifying "use_fcntl_lock" rather than "use_mbx_lock". We therefore have no plans to fix this flaw in Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the versions of myfaces as shipped with JBoss Enterprise Web Server.
Not vulnerable. These issues did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include support for the Ext4 filesystem. A future kernel update in Red Hat Enterprise Linux 5 will address this issue.
Not vulnerable. These issues did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for Btrfs, a new copy on write filesystem.
Not vulnerable. This issue does not affect the versions of Apache CXF shipped with any Red Hat products.
This flaw affects applications using unencrypted client-side view states on Mojarra as shipped with JBoss Communications Platform 1.2.11 and 5.1.1, JBoss Enterprise Application Platform 4.2.0, 4.3.0 and 5.1.1, JBoss Enterprise BRMS Platform 5.1.0, JBoss Enterprise Portal Platform 4.3 and 5.1.1, JBoss Enterprise SOA Platform 4.2.0, 4.3.0 and 5.1.0, JBoss Enterprise Web Platform 5.1.1 and JBoss Web Framework Kit 1.1.0 and 1.2.0. Unencrypted client-side view states are fundamentally insecure and should not be used. Developers are advised to always enable encryption when creating JavaServer Faces (JSF) applications using client-side view state. When using the Mojarra implementation of JSF, this is achieved by adding the following snippet to the application's web.xml:
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<env-entry>
<env-entry-name>ClientStateSavingPassword</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>INSERT_YOUR_PASSWORD</env-entry-value>
</env-entry>
Not Vulnerable. This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue does not affect the version of php53 as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2.
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
The Red Hat Security Response Team does not consider a user assisted denial of service (and potential crash) of end user application, such as Firefox, to be a security issue.
Not vulnerable. These issues did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Red Hat does not consider interruption issues allowing safe_mode / open_basedir restriction bypass to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
We do not consider this to be a security issue as it does not introduce any additional risk in using untrusted RPM .spec files. RPM .spec files can do a lot of things, regardless of how rpmbuild parses the syntax, because certain sections of the .spec file (%prep, %build, etc.) are treated as shell scripts. Because of the ability to easily include malicious commands anywhere, an untrusted .spec file should be carefully examined prior to building, the same as if you were to download and execute an untrusted shell script.
Not vulnerable. RPM as provided with Red Hat Enterprise 3, 4, and 5 does not support POSIX capabilities.
We do not consider RPM's lack of removing POSIX ACLs to be security sensitive. Users cannot use POSIX ACLs to elevate their privileges; therefore, there is no need to clear them upon package upgrade or removal.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include
support for the XFS filesystem. A future kernel update in Red Hat Enterprise
Linux 5 will address this issue.
Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The Red Hat Security Response Team has rated this issue as having Moderate security impact. Satellite 5 is currently in the Production 2 phase of its lifecycle; as such, this issue is not currently planned to be addressed in future updates. For additional information, refer to the Satellite Life Cycle page: https://access.redhat.com/site/support/policy/updates/satellite
Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5.
This issue has been addressed in Red Hat Enterprise Linux 5 via:
https://rhn.redhat.com/errata/RHSA-2010-0615.html
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG: Red Hat Enterprise Linux 3 and 4 did not have the 'current_clocksource' file in /sys/; Red Hat Enterprise Linux 5 restricted 'current_clocksource' to only the root user; and Red Hat Enterprise MRG enabled CONFIG_GENERIC_TIME by default.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not have support for CIFS. Future updates in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG may address this flaw.
This issue did not affect the version of lftp as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include support for renaming files to a server-suggested file name.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact due to the series of events required to successfully exploit it, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue affects the versions of the perl-libwww-perl package, as shipped
with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
This is not a vulnerability. Red Hat Enterprise Linux does not have /var/log/messages world-readable, nor is GDM run in debug mode; both are requirements for this to be considered a flaw.
This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3 or 4. It was addressed in Red Hat Enterprise Linux 5 via RHSA-2010:0811.
Not vulnerable. This issue did not affect the versions of CUPS as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue was fixed by the 5.0.2 release of the JBoss Enterprise SOA Platform, available for download from the Red Hat Customer Portal:
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions&version=5.0.2+GA
The JBoss Enterprise SOA Platform 5.0.2 Release Notes are available from http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html
This issue did not affect python-paste version as shipped with Red Hat Enterprise Linux 6, which included the fixed version since its initial release.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 3 and 4, as they do not include support for the Neptune
Ethernet driver. It did not affect Red Hat Enterprise Linux 5 and Red Hat
Enterprise MRG, as they do not contain the upstream commit 0853ad66 that
introduced this flaw.
Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Red Hat does not consider interruption issues allowing safe_mode / open_basedir
restriction bypass to be security sensitive. For more details see
https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and
http://www.php.net/security-note.php
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat
Enterprise MRG did not include support for eCryptfs, and therefore are not
affected by this issue. A future update in Red Hat Enterprise Linux 6 may
address this flaw. This was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0723.html.
These issues were fixed by the 5.0.2 release of the JBoss Enterprise SOA Platform, available for download from the Red Hat Customer Portal:
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions&version=5.0.2+GA
The JBoss Enterprise SOA Platform 5.0.2 Release Notes are available from http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not backport the upstream commit ffcebb16 that introduced this vulnerability.
Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of freetype as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the versions of the Linux kernel as shipped with Red
Hat Enterprise Linux 3 as it did not include support for Network File System (NFS) version 4. Future updates in Red Hat Enterprise 4, 5, and Red Hat Enterprise MRG may address this flaw.
The mipv6-daemon packages in Red Hat Enterprise Linux 6 are not vulnerable to this issue, as they contain a backported patch correcting this flaw.
The mipv6-daemon packages in Red Hat Enterprise Linux 6 are not vulnerable to this issue, as they contain a backported patch correcting this flaw.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as they did not include support for the upcall mechanism for the Common Internet File System (CIFS). This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0723.html.
Not vulnerable. This issue did not affect the versions of pidgin as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed.
For further information about the Errata Support Policy, visit:
http://www.redhat.com/security/updates/errata
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for Btrfs, a new copy on write filesystem.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include support for Btrfs, a new copy on write filesystem.
This issue does not affect the version of the java-1.6.0-openjdk package, as
shipped with Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in qt.
Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the versions of evince as shipped with Red Hat
Enterprise Linux 5.
This issue did not affect the versions of evince as shipped with Red Hat
Enterprise Linux 5.
This issue did not affect the versions of evince as shipped with Red Hat Enterprise Linux 5.
This issue did not affect the versions of evince as shipped with Red Hat
Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of KVM as shipped with Red Hat Enterprise Linux 5 as it does not contain the patch that introduced this vulnerability.
This issue does not affect the version of the java-1.6.0-openjdk package, as
shipped with Red Hat Enterprise Linux 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include
support for the GFS2 file system.
A future kernel update in Red Hat Enterprise Linux 5 will address this issue.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not include
support for GPU DRM.
Not vulnerable. This issue did not affect the versions of freetype as
shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of freetype as
shipped with Red Hat Enterprise Linux 3, 4, or 5.
The Red Hat Security Response Team has rated this issue as having low security
impact; a future update may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
This issue is not planned to be fixed in Red Hat Enterprise Linux 5, as its impact is mitigated by standard glibc protection mechanisms to cause only application abort.
The Red Hat Security Response Team does not consider a user-assisted crash (abort) of a client application, such as the OpenOffice.org Impress tool, to be a security issue.
This issue is not planned to be fixed in Red Hat Enterprise Linux 5,
as its impact is mitigated by standard glibc protection mechanisms to
cause only application abort.
The Red Hat Security Response Team does not consider a user-assisted crash
(abort) of a client application, such as the OpenOffice.org Impress tool,
to be a security issue.
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, or 5 as they did not include support for ECDH.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3 as it did not include upstream commit be84c7f6 (history repository) that introduced the problem. A future kernel update in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG will address this issue.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG as they did not include support for the XFS file system. A future kernel update in Red Hat Enterprise
Linux 5 will address this issue.
Not vulnerable. This issue did not affect the versions of the Linux kernel as
shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as
they did not include support for the Journaled File System (JFS).
This issue is not planned to be fixed in Red Hat Enterprise Linux 3
due to this product being in Production 3 of its maintenance
life-cycle, where only qualified security errata of important and
critical impact are addressed.
For further information about the Errata Support Policy, visit:
http://www.redhat.com/security/updates/errata
A future update in Red Hat Enterprise Linux 4 and
Red Hat Enterprise Linux 5 may address this flaw.
Not vulnerable. This issue did not affect the versions of quagga
package as shipped with Red Hat Enterprise Linux 3, 4, or 5, as
these versions do not support 4 byte AS numbers (AS4 support) yet.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as it did not include
support for the IrDA protocol.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not backport the upstream commit 3d23e349 that had introduced the problem. A future update in Red Hat Enterprise MRG may address this flaw.
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as they did not include support for the broadcast manager (BCM) protocol.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as it did not include upstream commit ee18d64c that introduced the problem.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not include support for Graphics Execution Manager (GEM) in the i915 driver, and therefore are not affected by this issue.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 as they did not include the upstream commit eb4eeccc that introduced the problem. It did not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG as they did not provide support for the Stradis driver that uses the vulnerable compat code for VIDIOCSMICROCODE. As a preventive measure, we have removed the vulnerable code in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html. We plan to remove the vulnerable code in a future kernel update in Red Hat Enterprise MRG.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include
support for the Ext4 filesystem. A future kernel update in Red Hat Enterprise
Linux 5 will address this issue.
Red Hat security response team does not consider a crash of a client application linked against freetype to be a security issue.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2.
Not vulnerable. This issue did not affect the versions of php as shipped with
Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2.
Not vulnerable. This issue did not affect the versions of php as shipped with
Red Hat Enterprise Linux 3, 4, or 5, and Red Hat Application Stack v2.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3 due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important and critical impact are addressed.
For further information about the Errata Support Policy, visit:
http://www.redhat.com/security/updates/errata
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3 and 4 as they did not include support for eventfd in the
Async I/O (AIO) implementation. It did not affect the version of Linux kernel
as shipped with Red Hat Enterprise MRG as it has already had the fix to this
issue. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html
This issue did not affect the version of Squid as shipped with Red Hat Enterprise Linux 3, 4, or 5. It was corrected in Red Hat Enterprise Linux 6 via RHSA-2011:0545.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, and Red Hat Enterprise MRG as they did not include
support for the XFS file system. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5, as they do not include support for Ftrace. It did not affect Red Hat Enterprise MRG as it did not contain the upstream commit 8fc0c701 that introduced this flaw.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as it did not include upstream commit 7034632d that introduced the problem. It did not affect Red Hat Enterprise MRG as the /dev/sequencer device file is restricted to root access only.
More information can be found in this kbase: https://access.redhat.com/kb/docs/DOC-40265.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4, as they do not include support for the Neptune Ethernet driver. It did not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG, as they do not contain the upstream commit 2d96cf8c that introduced this flaw.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3 and 4 as they did not support the FUTEX_LOCK_PI futex operation. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has already had the fix to this issue. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0839.html
The Red Hat Security Response Team has rated this issue as having low security
impact; a future update may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security
impact. We do not currently plan to fix this flaw. If more information becomes available at a future date, we may revisit the issue.
Not vulnerable. This issue did not affect the versions of conga as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4 and as shipped with Red Hat Enterprise Linux 5, as they use their own internal mechanism to verify whether the user requesting a particular page is authenticated. The Plone private pages permissions configuration mechanism is not used in conga.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update to Red Hat Directory Server may address this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not include support for equalizer load-balancer for serial network interfaces. This was addressed in Red Hat Enterprise Linux Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0771.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5, as they did not support USB Option High Speed Mobile Devices. This was addressed in Red Hat Enterprise Linux Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0771.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG, as they do not contain the upstream commit d4d67150 that introduced this flaw.
More information can be found in this kbase: https://access.redhat.com/kb/docs/DOC-40330
This issue does not affect the version of dovecot package, as shipped with Red Hat Enterprise Linux 4, 5 and 6.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include support for the ROSE protocol. Red Hat Enterprise Linux 3 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of pam as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of pam as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. This was addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0958.html and https://rhn.redhat.com/errata/RHSA-2010-0842.html. Future updates in Red Hat Enterprise Linux 4 and 5 may address this flaw.
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
The Linux kernel as shipped with Red Hat Enterprise Linux 3 and 4 did not include support for Packet writing layer for ATAPI and SCSI disc media devices, and therefore are not affected by this issue. The Linux kernel as shipped with Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG only allow root access to the "/dev/pktcdvd/control" file, and therefore are also not affected by this issue.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update to wireshark in Red Hat Enterprise Linux 4 and 5 may address this flaw.
This issue was addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2010-0924.html.
This issue affects the version of the python package as shipped with Red Hat Enterprise Linux 4, 5, and 6. Due to the nature of this flaw, it cannot be fixed in the python language, but must be addressed in each module which calls accept().
This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for DHCPv6.
The Red Hat Security Response Team has rated this issue as having low security impact. Because the version of bind in Red Hat Enterprise Linux 4 does not implement support for the currently-used DNSSEC protocol version, there is no plan to address this flaw there. It has been addressed in Red Hat Enterprise Linux 5 (via RHSA-2010:0975) and Red Hat Enterprise Linux 6 (via RHSA-2010:0976).
Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of mysql package
as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.
This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3 and 4. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0825.html.
Not vulnerable. This issue did not affect the versions of mysql as
shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of mysql as
shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3 and 4.
This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3. This issue was addressed in Red Hat Enterprise Linux 4, 5 and 6 via RHSA-2010:0824, RHSA-2010:0825 and RHSA-2011:0164 respectively.
This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3 and 4. This issue was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0825.html.
Not vulnerable. This issue did not affect the versions of mysql package
as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Not vulnerable. This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Red Hat does not consider this to be a security issue. In order for the crash condition to be observed, the RADIUS server must already be unresponsive for extended periods of time, the net result of which is that you cannot DoS an already-unresponsive server. Other specialized conditions are required as well, which make an attack using this flaw unviable.
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2010-3705.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for SCTP. It did not affect Red Hat Enterprise Linux 4 and 5 as it did not include upstream commit 1f485649 that introduced the problem. Future kernel updates in Red Hat Enterprise MRG may address this flaw.
Not vulnerable. This issue did not affect the versions of dovecot as
shipped with Red Hat Enterprise Linux 4, 5 or 6.
This issue did not affect the version of dovecot package, as shipped with Red
Hat Enterprise Linux 4 and 5. This issue affects the version of dovecot
package as shipped with Red Hat Enterprise Linux 6. The Red Hat Security
Response Team has rated this issue as having low security impact; a future
update may address this flaw.
This issue did not affect the version of PHP as shipped with Red Hat Enterprise Linux 3, 4 or 5.
This issue did not affect the version of php packages as shipped with Red Hat Enterprise Linux 4, 5 or 6. It did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of dovecot as
shipped with Red Hat Enterprise Linux 4, 5 or 6.
Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, 6 or Red Hat Enterprise MRG. Red Hat does not provide support for the Acorn Econet network protocol.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, 6 or Red Hat Enterprise MRG. Red Hat does not provide support for the Acorn Econet network protocol.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, 6 or Red Hat Enterprise MRG. Red Hat does not provide support for the Acorn Econet network protocol.
This flaw was resolved in the Red Hat JBoss BRMS 5.1.0 release. It was also resolved in the upstream Drools Guvnor 5.1 release.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 4 as they did not backport the upstream commit b6a2fea3 that introduced the issue. This was addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0004.html and
https://rhn.redhat.com/errata/RHSA-2010-0958.html. Future kernel updates in Red Hat Enterprise Linux 6 may address this flaw.
Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/CVE-2010-3859.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 6 and Red Hat Enterprise MRG as they did not include support for Transparent Inter-Process Communication Protocol (TIPC). A future kernel update in Red Hat Enterprise Linux 5 may address this flaw. As a
preventive measure, we plan to include the fixes in a future kernel update in Red Hat Enterprise Linux 4.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 3 and 4, as they do not include support for the Neptune
Ethernet driver. It did not affect Red Hat Enterprise Linux 5 as it did not contain the upstream commit 0853ad66 that introduced this flaw.
This issue does not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux versions before Enterprise Linux 6.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat
Enterprise MRG did not include support for the RDS Protocol, and therefore are
not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 5
may address this flaw.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as they did not include
support for CCITT X.25 Packet Layer.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not include CAN bus subsystem support, and therefore are not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this flaw.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include
support for Amateur Radio AX.25 protocol.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to
this product being in Extended Life Cycle Phase of its maintenance life-cycle,
where only qualified security errata of critical impact are addressed.
For further information about the Errata Support Policy, visit:
http://www.redhat.com/security/updates/errata
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to
this product being in Extended Life Cycle Phase of its maintenance life-cycle,
where only qualified security errata of critical impact are addressed.
For further information about the Errata Support Policy, visit:
http://www.redhat.com/security/updates/errata
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include
support for Transparent Inter-Process Communication Protocol (TIPC). A future
kernel update in Red Hat Enterprise Linux 5 may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security impact. On Red Hat Enterprise Linux 5 and 6, a user must be a member of the 'fuse' group in order to use FUSE. Due to the risks associated with fixing this bug on Red Hat Enterprise Linux 5, and because of the group restrictions in place, we currently have no plans to fix this flaw in Red Hat Enterprise Linux 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for monitoring of INET transport protocol sockets. Future updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4 and Red Hat Enterprise MRG as they did not include
support for Kernel-based Virtual Machine (KVM). A future kernel update in Red
Hat Enterprise Linux 5 may address this flaw.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG did not include support for the RDS Protocol, and therefore are not affected by this issue. Updates for Red Hat Enterprise Linux 5 and 6 are available to address this flaw.
Not vulnerable. This issue did not affect the versions of festival as shipped with Red Hat Enterprise Linux 3, 4, or 5.
This issue did not affect the versions of libxml and libxml2 as shipped with Red Hat Enterprise Linux 3, and it did not affect the version of libxml2 as shipped with Red Hat Enterprise Linux 4.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4 and 5.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4, 5, or 6.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5 as the flaw was introduced in a later version of MIT krb5 (1.7).
Red Hat does not consider crash of client application, using regcomp()
or regexec() routines on untrusted input without preliminary checking
the input for the sanity, to be a security issue (the described deficiency
implies and is a known limitation of the glibc regular expression engine
implementation). The expressions can be modified to avoid quantification
nesting, or program modified to limit size of input passed to regular
expression engine. We do not currently plan to fix these flaws. If more
information becomes available at a future date, we may revisit these issues.
Red Hat does not consider crash of client application, using regcomp()
or regexec() routines on untrusted input without preliminary checking
the input for the sanity, to be a security issue (the described deficiency
implies and is a known limitation of the glibc regular expression engine
implementation). The expressions can be modified to avoid quantification
nesting, or program modified to limit size of input passed to regular
expression engine. We do not currently plan to fix these flaws. If more
information becomes available at a future date, we may revisit these issues.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Extended Life Cycle Phase of its maintenance life-cycle, where only qualified security errata of critical impact are addressed.
For further information about the Errata Support Policy, visit:
http://www.redhat.com/security/updates/errata
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3 as it did not include IPC compat functionality.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, and 5 as they did not include support for Moschip USB
serial port adapters.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 3 as it did not include the affected functionality.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as they did not include support for Amiga built-in serial port.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, and 5 as they did not include support for GlobeTrotter
HSPDA PCMCIA card.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG as they did not include
or support the affected functionality.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 3, 4, and 5 as they did not include support for the Conexant's
CX23415/CX23416 codec chip.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for RME Hammerfall DSP Audio.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 3 and 4 as they did not include support for RME Hammerfall DSP
MADI Audio interface.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5 as they did not include support for VIA UniChrome (Pro) and Chrome9 graphics boards.
This issue is not planned to be fixed in Red Hat Enterprise Linux 3,
due to this product being in Extended Life Cycle Phase of its
maintenance life-cycle, where only qualified security errata of critical
impact are addressed.
For further information about the Errata Support Policy, visit:
http://www.redhat.com/security/updates/errata
We do not consider safe_mode / open_basedir restriction bypass issues to be
security sensitive. For more details see
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and
http://www.php.net/security-note.php
This issue did not affect the version of php packages as shipped with Red Hat Enterprise Linux 4, 5 or 6. It did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5.
The Linux kernel as shipped with Red Hat Enterprise Linux 3 did not include the vulnerable code, and therefore is not affected by this issue. Future kernel updates in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG may address this flaw.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not
include L2TP functionality, and therefore are not affected by this
issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat
Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 93821778 that introduced this. It did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they have backported the upstream commit fda9ef5d that addressed this. Future kernel update in Red Hat Enterprise Linux 5 may address this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 4 and 5 as they did not backport the upstream commit c5dec1c3 that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 4 and 5 as they did not backport the upstream commit c5dec1c3
that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not include
support for CCITT X.25 Packet Layer.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0283.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not backport the upstream commit dab5855 that introduced the issue. Future kernel updates in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this flaw.
This issue does not affect the version of the systemtap package as shipped
with Red Hat Enterprise Linux 4.
Not vulnerable. This issue did not affect the versions of the Linux kernel as
shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not include support for the RDS protocol. It did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the upstream commit eff5f53b that introduced this issue.
Not vulnerable. This issue did not affect the versions of dracut as
shipped with Red Hat Enterprise Linux 6.
This issue affects the version of the mercurial package, as shipped with
Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having moderate security impact, a future update may address this flaw.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for CPU time clocks for the POSIX clock interface. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0004.html, https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. It was addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0330.html. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they have already backported the fixes for this issue. Future kernel updates in Red Hat Enterprise Linux 6 may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of the Linux kernel as
shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit 35f3d14d that introduced this issue.
The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG enabled the panic_on_oops sysctl tunable by default, and therefore are not affected by this issue. However, as a preventive measure (for example, for administrators who have turned panic_on_oops off), we plan to address this issue in future kernel updates in Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG.
This issue affects the version of the fontforge package as shipped with
Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated
this issue as having low security impact, a future update may address
this flaw.
This issue affects the version of the xfig package as shipped with
Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team
has rated this issue as having low security impact, a future update may
address this flaw.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not include support for PCI I/O Virtualization (IOV). Future updates in Red Hat Enterprise Linux 5 and 6 may address this flaw.
This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for the Local Download Sharing Service (LDSS) protocol.
This issue was addressed in Red Hat Enterprise Linux 6 via
https://rhn.redhat.com/errata/RHSA-2010-0924.html.
This issue did not affect the versions of wireshark shipped with
Red Hat Enterprise Linux 4, 5, and 6, as they did not include
support for the Zigbee Cluster Library (ZCL) protocol.
This issue is only a defense-in-depth measure, and we currently have no plans to fix this flaw in Red Hat Enterprise Linux 6. The use of the useHttpOnly setting in Tomcat only prohibits client scripts from accessing cookies when it is correctly implemented in the user's web browser. The use of httpOnly does not guarantee XSS protection; it is only a defense-in-depth measure. Additionally, implementing this as a default setting could have negative impact on existing expected behavior in client scripts. As a result, the Red Hat Security Response Team has determined that this issue is not a security flaw, but a proactive hardening measure and the risk associated with implementing it by default and possibly breaking expected behaviour is greater than any benefits it provides. Users who wish to take advantage of this hardening measure can enable useHttpOnly by adding '<Context useHttpOnly="true">' to the default context.xml or a specific web-application context.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. This issue did not affect perl-IO-Socket-SSL version as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 or Red Hat Enterprise MRG. Red Hat does not provide support for the Acorn Econet network protocol.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 4 as it did not include support for the Brocade Fibre Channel Host Bus Adapter driver. It did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they have included the fix for this issue. A future kernel update in Red Hat Enterprise Linux 5 may address this flaw.
The Linux kernel as shipped with Red Hat Enterprise Linux 4 is not vulnerable because it checks for mmap_min_addr even in special cases.
The Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG have mmap_min_addr sysctl tunable set to 4096, and therefore are not affected by this issue. However, as a preventive measure (for example, for administrators who have increased mmap_min_addr), we have addressed this in Red Hat Enterprise Linux 5, 6 and MRG via https://rhn.redhat.com/errata/RHSA-2011-0429.html, https://rhn.redhat.com/errata/RHSA-2011-0421.html, and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 4, 5, and 6 as they did not include upstream commit a1a541d8 and a25ee920 that introduced the problem. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0330.html.
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4 and 5. The getSymbol() and setSymbol() functions are unlikely to ever receive untrusted input as an $attr argument, and it is even less likely that they would receive such input when only a small set of pre-defined constants is expected. As a result, this flaw can only be triggered by the script author and cannot be used to cross trust boundaries. The Red Hat Security Response Team does not consider it to be security-relevant.
Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, or 6.
This issue affects the version of libvpx as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue did not affect the versions of libxml and libxml2 as shipped with
Red Hat Enterprise Linux 3, and it did not affect the version of libxml2 as
shipped with Red Hat Enterprise Linux 4 and 5.
This issue did not affect the versions of cobbler as shipped with Red Hat Satellite version 5.
The Linux kernel as shipped with Red Hat Enterprise Linux 4 did not include
upstream commit history:5aabd1fe268e850c2e93048a5ccc5eb6970ac49c, and therefore
is not affected by this issue. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via http://rhn.redhat.com/errata/RHSA-2011-0163.html, https://rhn.redhat.com/errata/RHSA-2011-0421.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for Open Sound System (OSS).
This issue did not affect the versions of pidgin package as shipped with
Red Hat Enterprise Linux 4, 5, and 6 as this issue is specific to versions
of libpurple from 2.7.6 up to 2.7.8.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for the IrDA protocol.
This issue affects the version of pcsc-lite shipped with Red Hat Enterprise Linux 5 and 6. This issue was addressed in Red Hat Enterprise Linux 6 via RHSA-2013:0525. A future update may address this flaw in Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this issue as having low security
impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not
include CAN bus subsystem support, and therefore are not affected by this
issue. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0330.html. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw.
This issue leads to a temporary denial of service (high CPU consumption) when a PHP script handles numeric values from untrusted user input. It does not affect the versions of PHP as shipped with Red Hat Enterprise Linux 3, 4 or 5. It did affect the PHP 5.3 (php53) package on Red Hat Enterprise Linux 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat
Enterprise Linux 4 and 5 as they did not backport the upstream commit d03032af that introduced this issue. Future kernel updates in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this flaw.
This issue affects the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux
4 is now in Production 3 of the maintenance life-cycle,
https://access.redhat.com/support/policy/updates/errata/, therefore the fix for
this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-0498.html, and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
This issue did not affect the versions of Linux kernel as shipped with Red
Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit
59efec7b that introduced this issue. It did not affect the version of Linux
kernel as shipped with Red Hat Enterprise MRG as it did not provide support
for Character device in Userspace (CUSE). A future kernel update in Red Hat
Enterprise Linux 6 may address this flaw. Note that, by default, the
"/dev/cuse" file in Red Hat Enterprise Linux 6 is only accessible by the
root user.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 4 and 5 as they do not have support for the I/O-Warrior USB devices. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0330.html. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw in the packages php53 and php.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update to Red Hat Enterprise Linux 6 may address this flaw. This issue did not affect Red Hat Enterprise Linux 4 or 5.
The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This flaw has already been fixed in Red Hat Enterprise Linux 4 and 5 by a patch included in RHSA-2010:0519.
Not vulnerable. This issue did not affect the versions of libarchive as shipped with Red Hat Enterprise Linux 4, 5, and 6.
This issue did not affect the versions of Linux kernel as shipped with Red Hat
Enterprise Linux 4 and 5 as they did not backport the upstream commit c5dec1c3
that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0007.html and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
Not vulnerable. This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Red Hat does not consider this issue to be a security vulnerability, rather consider this to be a non-security bug.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Red Hat does not consider this issue to be a security flaw. For additional details, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4706
The Red Hat Security Response Team has rated this issue as having low security impact. This issue was addressed in the PAM packages in Red Hat Enterprise Linux 5 via RHSA-2010:0819 and in Red Hat Enterprise Linux 6 via RHSA-2010:0891. A future update may correct this issue in the PAM packages in Red Hat Enterprise Linux 4.
Not vulnerable. This issue did not affect Red Hat Directory Server 8 packages.
We do not consider a denial of service flaw in a client application such as sftp to be a security issue.
Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not have asserts enabled.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise MRG as they have already backported the fixes for this issue. Future kernel updates in Red Hat Enterprise Linux 6 may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Low security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue affects the version of poppler as shipped with Red Hat Enterprise Linux 5 and 6. This issue does not affect the version of poppler as shipped with Red Hat Enterprise Linux 7. A future update may address this issue.
This issue did not affect the openssl packages shipped with Red Hat Enterprise Linux 5.
This issue does not affect the kvm packages as shipped with Red Hat Enterprise Linux 5.
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 6 and 7. Future updates may address this issue in the respective Red Hat Enterprise Linux releases.
The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected by this issue. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw.
Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 4, 5, or 6.
This issue does not affect versions of kvm package as shipped with Red Hat Enterprise Linux 5.
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, and 5. It was addressed in Red Hat Enterprise Linux 6 via RHSA-2011:0677.
The Red Hat Security Response Team has rated this issue as having low security
impact, a future update may address this flaw.
This issue did not affect the versions of qt shipped with Red Hat Enterprise Linux 4, 5 and 6.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3 or 4 as they did not include support for the LDAP backend.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3 or 4 as they did not include support for the LDAP backend.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 3, 4, 5 or 6.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the versions of libpng10 as shipped with Red Hat Enterprise Linux 4.
This issue affected postfix packages in Red Hat Enterprise Linux 4, 5, and 6. It was corrected via RHSA-2011:0422 and RHSA-2011:0423.
This issue did not affect the versions of sendmail as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, and the versions of exim as shipped with Red Hat Enterprise Linux 4 and 5.
Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Red Hat does not consider this flaw to be a security issue. The size argument of the grapheme_extract function is unlikely to come from an untrusted source unfiltered, therefore the value passed to the function is under the full control of the script author and no trust boundary is crossed.
Not vulnerable. This issue did not affect the versions of evince as shipped with Red Hat Enterprise Linux 5 and 6.
Not vulnerable. This issue did not affect the versions of kbd as shipped with
Red Hat Enterprise Linux 4, 5, or 6 as they do not include the affected script.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Oracle Cluster File System (OCFS).
Red Hat is aware of this issue and is tracking it via the following bug:
https://bugzilla.redhat.com/CVE-2011-0521
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3 as it did not include support for ULE (Unidirectional Lightweight Encapsulation). We have included a fix for this issue in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG; however, the affected module is not built by default.
Not vulnerable. This issue did not affect the versions of Puppet in any Red Hat product.
Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, or 6.
The Red Hat Security Response Team has rated this issue as having low security impact. On Red Hat Enterprise Linux 5 and 6, a user must be a member of the 'fuse' group in order to use FUSE. Due to the risks associated with fixing this bug on Red Hat Enterprise Linux 5, and because of the group restrictions in place, we currently have no plans to fix this flaw in Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this issue as having low security impact. On Red Hat Enterprise Linux 5 and 6, a user must be a member of the 'fuse' group in order to use FUSE. Due to the risks associated with fixing this bug on Red Hat Enterprise Linux 5, and because of the group restrictions in place, we currently have no plans to fix this flaw in Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this issue as having low security impact. On Red Hat Enterprise Linux 5 and 6, a user must be a member of the 'fuse' group in order to use FUSE. Due to the risks associated with fixing this bug on Red Hat Enterprise Linux 5, and because of the group restrictions in place, we currently have no plans to fix this flaw in Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this issue as having no security
impact. We do not plan to take any action regarding this flaw at this time. If additional information becomes available at a future date, we will revisit this issue and act accordingly.
This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-0421.html, and https://rhn.redhat.com/errata/RHSA-2011-0500.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG as they did not backport the upstream commit bf5fc093c that introduced this issue.
Not vulnerable. This issue did not affect Red Hat Directory Server 8 packages.
This issue did not affect the versions of the java-1.6.0-openjdk package as shipped with Red Hat Enterprise Linux 5 and 6.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit eb1d1641 that introduced net/bridge/br_multicast.c. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6 as it did not backport the upstream commit 8ef2a9a5 that introduced this issue.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it does not have support for the S390 architecture. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle,
https://access.redhat.com/support/policy/updates/errata/, therefore the fix for
this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-0429.html.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for the XFS file system. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise
MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-0498.html, and https://rhn.redhat.com/errata/RHSA-2011-0500.html.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the driver for Native Instruments USB audio devices. It did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it did not enable support for this driver. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0498.html.
This issue only affects Red Hat Enterprise Linux 6 as we did not properly backport upstream commit b48fa6b9. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected.
This issue did not affect the versions of the Linux kernel as shipped with Red
Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not include
support for the bridge snooping functionality. A future update in Red Hat
Enterprise Linux 6 may address this flaw.
Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle,
https://access.redhat.com/support/policy/updates/errata/, therefore the fix for
this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
We do not consider this flaw to be a security issue as it is only exploitable by the script author. No trust boundary is crossed.
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 3, 4, or 5 (php). This issue was addressed in the php53 packages as shipped in Red Hat Enterprise Linux 5 before their first release in Red Hat Enterprise Linux 5.6, and it was addressed in the php package in Red Hat Enterprise Linux 6 via RHBA-2011:0615.
Red Hat does not consider this issue to be a security vulnerability since no trust boundary is crossed. Any process able to send signals to a running PHP process can terminate it by sending a carefully-chosen signal.
Red Hat does not consider this flaw to be a security issue as arguments passed to the mt_rand function are under the full control of the script author. No trust boundary is crossed.
This flaw exists in the php53 packages versions as shipped in Red Hat Enterprise Linux 5 and the php packages versions as shipped in Red Hat Enterprise Linux 6.
Red Hat does not consider this problem to be a security issue. Input passed to these functions should be under the full control of the script author, therefore no trust boundary is crossed.
Not vulnerable. This issue only affected Java versions running on Windows platform. It did not affect the versions of java-1.6.0-openjdk as shipped with Red Hat Enterprise Linux 5 and 6, and the java-1.6.0-sun packages as shipped with Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.
Not vulnerable. This issue only affected Java versions running on Windows platform. It did not affect the versions of java-1.6.0-openjdk as shipped with Red Hat Enterprise Linux 5 and 6, and the java-1.6.0-sun packages as shipped with Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.
This issue only affects Red Hat Enterprise Linux 6. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected as they did not include upstream commit 71e3aac0 that introduced the problem. We have addressed this in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0542.html.
This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0429.html, https://rhn.redhat.com/errata/RHSA-2011-0542.html and https://rhn.redhat.com/errata/RHSA-2011-0500.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Windows Logical Disk Manager.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 as they did not include the affected functionality. A future update in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG may address this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commits fff1ce4d and 45e4039c that introduced this issue. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0498.html.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Windows Logical Disk Manager.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit a8f80e8f that introduced this flaw. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0498.html and https://rhn.redhat.com/errata/RHSA-2011-0500.html.
Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via RHSA-2012:0007, RHSA-2011:1530 and RHSA-2011:1253 respectively.
The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6 are not affected as they did not include upstream commits a1a541d8 and a25ee920 that introduced the problem. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1253.html.
The Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG did not include support for the RDS Protocol, and therefore are not affected by this issue. The Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6 are not affected as they did not backport upstream commits 2e7b3b99 and 77dd550e that introduced this issue.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-0498.html, and https://rhn.redhat.com/errata/RHSA-2011-0330.html.
Not vulnerable. This issue did not affect Red Hat Directory Server 8 packages.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG as they did not backport the upstream commit 4a2d7892 that introduced this issue.
This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. This was addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0542.html and https://rhn.redhat.com/errata/RHSA-2011-0500.html.
This issue affected the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0150 and RHSA-2012:0862 respectively. There is no plan to address this flaw in Red Hat Enterprise Linux 4. Future updates may address this issue in Red Hat Enterprise MRG.
Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.0 to 7.0.10.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 4b580ee3 that introduced this issue. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0429.html, https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
This issue affects the versions of pidgin package as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Red Hat does not consider this to be a security issue. Input passed to these functions should be under the full control of the script author, thus no trust boundary is crossed. Additionally, an administrator would have to disable, or excessively increase the memory_limit settings in the PHP configuration file to trigger this bug.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for the DCCP protocol. Future updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw. If more information becomes available at a future date, we may revisit the issue.
This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4.
Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data as a PHAR archive file name to load. The file name passed to the PHAR-handling functions is therefore under the full control of the script author and no trust boundary is crossed.
Not vulnerable. This issue did not affect the versions of logrotate as shipped with Red Hat Enterprise Linux 4 and 5, as they did not yet support the 'shred' logrotate configuration directive.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-0500.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.
This issue did not affect the version of vino as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for Universal Plug and Play (UPnP). A future update in Red Hat Enterprise Linux 6 may address this flaw. To mitigate this issue, users should ensure that confirmation is requested on each inbound connection attempt, that a password is required to connect, and that automatic network configuration is disabled. This will prevent vino from using UPnP to allow access to the VNC port, and will ensure that any connections require a password and that the user is notified on any connection attempts.
The Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG are not affected as they did not backport upstream commit 719f82d3 that introduced this issue.
Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 or Red Hat Enterprise MRG. Red Hat does not provide support for the Acorn Econet network protocol.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for IrDA.
Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This was addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html. A future kernel update in Red Hat Enterprise MRG may address this flaw.
Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.11.
Not Vulnerable. These issues do not affect the versions of firefox and thunderbird package, as shipped with Red Hat Enterprise Linux 5 and 6.
This issue affects the versions of libxslt package as shipped with Red Hat Enterprise Linux 4, 5 and 6. The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw.
Not Vulnerable. This issue does not affect the version of conga as shipped with Red Hat Enterprise Linux 5 and Red Hat Cluster Suite EL4.
Not vulnerable. This issue did not affect the versions of tetex as shipped with Red Hat Enterprise Linux 4 or 5, and the versions of texlive as shipped with Red Hat Enterprise Linux 6.
Not vulnerable. This issue did not affect the versions of exim as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for DKIM.
Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.0 to 7.0.10.
Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data to the strval() function. Input passed to the functions is therefore under the full control of the script author and no trust boundary is crossed. As well, an administrator would have to excessively increase the precision settings in order to trigger this flaw.
This issue did not affect the versions of PHP as shipped with Red Hat Enterprise Linux 4 and 5. The getSymbol() and setSymbol() functions are unlikely to ever receive untrusted input as an $attr argument, and it is even less likely that they would receive such input when only a small set of pre-defined constants is expected. As a result, this flaw can only be triggered by the script author and cannot be used to cross trust boundaries. The Red Hat Security Response Team does not consider it to be security-relevant.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4 and 5. It has been addressed in Red Hat Enterprise Linux 5 (php53) and 6 (php).
This issue did not affect the version of php as shipped with Red Hat Enterprise Linux 4.
This issue does not affect the version of php shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue does not affect the version of php53 shipped with Red Hat Enterprise Linux 5.
This issue affects all of the versions of OpenSSL in Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Low security impact.
We currently have no plans to fix this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG as they did not backport the PaX patchset.
Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.0 to 7.0.11.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for Open Sound System (OSS).
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for Open Sound System (OSS).
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not support Generic Receive Offload (GRO). It has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0429.html, https://rhn.redhat.com/errata/RHSA-2011-0421.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0498.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
The Red Hat Security Response Team has rated this issue as having low security impact, and it did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4 and 5. A future update in Red Hat Enterprise Linux 6 may address this flaw.
Not vulnerable. This issue did not affect the versions of rsyslog as shipped with Red Hat Enterprise Linux 5 and 6.
Not vulnerable. This issue did not affect the versions of rsyslog as shipped with Red Hat Enterprise Linux 5 and 6.
Not vulnerable. This issue did not affect the versions of rsyslog as shipped with Red Hat Enterprise Linux 5 and 6.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for the ROSE protocol.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for MPT (Message Passing Technology) based controllers. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, and https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for MPT (Message Passing Technology) based controllers. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, and https://rhn.redhat.com/errata/RHSA-2011-0542.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
Not vulnerable. This issue affects the GlassFish Server Administration Console, which is not shipped with any Red Hat products.
This issue affects the Red Hat HPC Solution which is End of Life. For more information please refer to:
https://access.redhat.com/support/policy/updates/hpc/
This issue was addressed in krb5-appl packages in Red Hat Enterprise Linux 6 via RHSA-2011:0920 and krb5 packages in Red Hat Enterprise Linux 5 via RHSA-2012:0306.
This issue is not planned to be addressed in Red Hat Enterprise Linux 4, where this issue was rated as having low security impact.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 or 5.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not support SCTP authentication and extended parameters. It did not affect the version of Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the upstream commit a8170c35 that addressed this. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-0498.html.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not support Generic Receive Offload (GRO). This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0833.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit bb1d9123 that introduced this issue. A future kernel update in Red Hat Enterprise Linux 6 may address this flaw.
Not vulnerable. This issue did not affect the versions of Apache Tomcat 5 as shipped with Red Hat Enterprise Linux 5, Red Hat Developer Suite 3, Red Hat Certificate System 7.3, Red Hat Network Satellite 5.3.0 and earlier versions and JBoss Enterprise Web Server 1.0. It did not affect the versions of Apache Tomcat 6 as shipped with Red Hat Enterprise Linux 6 and JBoss Enterprise Web Server 1.0. It also did not affect the versions of jbossweb as shipped with JBoss Enterprise Application Platform 4.3.0 and earlier versions, as this flaw only affects Apache Tomcat 7.0.12 & 7.0.13.
This issue did not affect the versions of the Xen package as shipped with Red Hat Enterprise Linux 4 and 6. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-0496.html.
This issue did not affect the versions of Linux kernel as shipped in Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not ship mount.cifs with root setuid set. However, as a preventive measure, we have addressed this in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not include support for the CAN protocol, and therefore are not affected by this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0836.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see https://bugzilla.redhat.com/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
On Red Hat Enterprise Linux, by default, mount.cifs is not provided with the setuid bit enabled. If a user has turned on the setuid bit (via chmod +s /sbin/mount.cifs), they would be affected by this issue, and can work around the problem by removing the setuid bit.
Red Hat Enterprise Linux 3 does not provide the mount.cifs program.
Not vulnerable. This issue did not affect the versions of gdm as shipped with Red Hat Enterprise Linux 4, 5, or 6.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
The Red Hat Security Response Team does not consider this bug to be a security-relevant one due to the privileges (CAP_SYS_RAWIO) required to exploit this issue.
The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and 5 did not include support for the CAN protocol, and therefore are not affected by this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0836.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
This issue did not affect the versions of nfs-utils as shipped with Red Hat Enterprise Linux 4 as it did not include mount.nfs. It was addressed in Red Hat Enterprise Linux 5 and 6 via RHSA-2012:0310 and RHSA-2011:1534 respectively.
This issue does not affect versions of kvm package as shipped with Red Hat Enterprise Linux 5.
This issue only affects Red Hat Enterprise Linux 6. The version of the qemu/kvm as shipped with Red Hat Enterprise Linux 5 is not affected.
Vulnerable. This issue has been addressed in Red Hat Network Satellite Server v 5.4.1 via RHSA-2011:0882 https://rhn.redhat.com/errata/RHSA-2011-0882.html and in Red Hat Network Proxy Server v5.4.1 via RHSA-2011:0881 https://rhn.redhat.com/errata/RHSA-2011-0881.html. This issue is not planned to be fixed in Red Hat Network Satellite Server versions 5.0.2, 5.1.1, 5.2.1, 5.3.0 and not planned to be fixed in Red Hat Network Proxy Server versions 5.0.2, 5.1.1, 5.2.1, and 5.3.0.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the ARM architecture.
Red Hat currently does not plan to address this issue. For details refer to: https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
Not vulnerable. This issue did not affect the version of libmodplug embedded in gstreamer-plugins as shipped with Red Hat Enterprise Linux 4.
This issue only affects Red Hat Enterprise Linux 5 as we did not backport upstream Xen unstable commit 2dcdd2fcb945. The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected.
Not vulnerable. This issue did not affect the versions of exim as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for DKIM.
The Linux kernel as shipped with Red Hat Enterprise Linux 4, and 5 did not provide support for Network Namespace, and therefore are not affected by this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0928.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
The Linux kernel as shipped with Red Hat Enterprise Linux 4, and 5 did not provide support for Network Namespace, and therefore are not affected by this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0928.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
This issue does not affect Red Hat Enterprise Linux 4 and 5: Red Hat Enterprise Linux 4 does not provide support for the Datagram Congestion Control Protocol (DCCP), and Red Hat Enterprise Linux 5, which does support DCCP, did not backport the upstream commit that introduced this issue, e77b8363b. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0836.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise Linux MRG as they did not backport the upstream commit cdff08e7 that introduced this issue. Future kernel updates for Red Hat Enterprise Linux 6 may address this flaw.
Not vulnerable. This issue did not affect the versions of struts as shipped with Red Hat Enterprise Linux 5, Red Hat Network Satellite 5, JBoss Enterprise Web Server 1, JBoss Enterprise Application Platform 4, JBoss Enterprise Portal Platform 4 and JBoss Operations Network 2.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1065.html.
Also, only systems running on x86 architecture with AMD processor and SVM virtualization extension enabled are affected.
Not vulnerable. This issue did not affect the versions of ecryptfs-utils as shipped with Red Hat Enterprise Linux 5 or 6.
This issue did affect the versions of kernel package as shipped with Red Hat Enterprise Linux 5.
This issue did affect the versions of kvm package as shipped with Red Hat Enterprise Linux 5. Red Hat cannot backport the fix though as it is too invasive and has a high risk of introducing severe regressions at this point in the Red Hat Enterprise Linux 5 life-cycle. As such, Red Hat recommends that users of KVM on Red Hat Enterprise Linux 5 only use PCI passthrough with trusted guests.
This issue did affect the versions of kernel package as shipped with Red Hat Enterprise Linux 6.
This issue did not affect the versions of kernel-rt package as shipped with Red Hat Enterprise MRG as it did not provide support for virtualization.
For further info please refer to the knowledge base article https://access.redhat.com/knowledge/articles/66747.
Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include support for Response Policy Zones (RPZ).
This issue did not affect bind packages shipped with Red Hat Enterprise Linux 4 and 5. It affected bind97 packages shipped with Red Hat Enterprise Linux 5 and bind packages shipped with Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this issue as having low security impact. We do not currently plan to fix this flaw in Red Hat Enterprise Linux 4. If more information becomes available at a future date, we may revisit the issue.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit 4a94445c that introduced this issue.
The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-0927.html.
Also, only systems running on x86 architecture with Intel processor and VMX virtualization extension enabled are affected.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4 and 5. It has been addressed in Red Hat Enterprise Linux 5 (php53) and 6 (php).
Not vulnerable. This issue did not affect the versions of NetworkManager as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, as they do not include support for elliptic curve cryptography.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in Red Hat Enterprise Linux 4, 5, or 6.
This issue did not affect the versions of conga package as shipped with Red Hat Enterprise Linux 5 and with Red Hat Cluster Suite for Red Hat Enterprise Linux 4, as they did not include support for creation of new Plone content.
Not Vulnerable. This issue does not affect the version of conga as shipped with Red Hat Enterprise Linux 5 and Red Hat Cluster Suite EL4.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6. This flaw is specific to Wireshark version 1.4.5.
This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 4 or 5.
This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of struts as shipped with Red Hat Enterprise Linux 5, Red Hat Network Satellite 5, JBoss Enterprise Web Server 1, JBoss Enterprise Application Platform 4, JBoss Enterprise Portal Platform 4 and JBoss Operations Network 2.
Not vulnerable. This issue did not affect the versions of struts as shipped with Red Hat Enterprise Linux 5, Red Hat Network Satellite 5, JBoss Enterprise Web Server 1, JBoss Enterprise Application Platform 4, JBoss Enterprise Portal Platform 4 and JBoss Operations Network 2.
Not vulnerable. This issue did not affect the versions of openswan as shipped with Red Hat Enterprise Linux 5 or 6.
This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 4 and 5.
We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue.
Not vulnerable. This issue did not affect the version of libvirt as shipped with Red Hat Enterprise Linux 5 and 6 as we did not backport upstream commit d6623003.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Windows Logical Disk Manager.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG, as they do not provide support for KSM (Kernel Samepage Merging). This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1189.html.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit 47a150edc2a that introduced this issue.
Not vulnerable. This issue did not affect the versions of xscreensaver as shipped with Red Hat Enterprise Linux 4.
This did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include support for Network Namespaces. A future kernel update in Red Hat Enterprise MRG may address this issue. The risks associated with fixing this flaw outweigh the benefits of the fix, therefore Red Hat does not plan to fix this flaw in Red Hat Enterprise Linux 6.
This issue affects the version of vte as shipped with Red Hat Enterprise Linux 4, 5 or 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Not vulnerable. The Red Hat Security Response Team has reviewed this bug and determined it has no security impact on the tftp packages as shipped with Red Hat Enterprise Linux 4, 5, and 6. Refer to the following bugzilla for additional details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2199
This issue did not affect the versions of Linux kernel as shipped in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not provide support for the Hierarchical File System (HFS). This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1479.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Alpha architecture.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Alpha architecture.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Alpha architecture.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Alpha architecture.
This issue only affects Red Hat Enterprise Linux 6. The version of qemu/kvm as shipped with Red Hat Enterprise Linux 5 is not affected because it does not provide support for indirect descriptors.
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
Not vulnerable. This issue affects the GlassFish Server Administration Console, which is not shipped with any Red Hat products.
Not Vulnerable. This issue did not affect the version of Firefox as shipped with Red Hat Enterprise Linux 4, 5 or 6.
Not vulnerable. This issue did not affect the versions of bind as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include support for Response Policy Zones (RPZ).
Red Hat currently does not plan to address this issue. For details refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
Red Hat currently does not plan to address this issue. For details refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
Red Hat currently does not plan to address this issue. For details refer to:
https://bugzilla.redhat.com/show_bug.cgi?id=700883#c18
The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG are not affected because they do not provide support for THP (Transparent Huge Pages). This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-0928.html.
This issue did not affect any version of Tomcat shipped in Red Hat products. This flaw only affected Tomcat versions 7.0.0 - 7.0.16.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 3ab224be6d6. It did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG as they have backported the upstream commit ea2bc483ff5 that Red Hat Enterprise Linux 5 did not. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1212.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for the Taskstats interface. This was fixed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
This flaw affects Apache CXF (WSS4J) and jbossws-native as shipped with various JBoss products. It does not affect JBoss Enterprise Application Platform 6 and JBoss Application Server 7.1.1 and above. These products include WSS4J 1.6.5, which incorporates a fix for this flaw. On affected products, this flaw can be mitigated by using the RSA-OAEP key wrap algorithm, instead of the default RSA-v1.5 algorithm. To use RSA-OAEP, edit the jboss-ws-security configuration file and add the property keyWrapAlgorithm="rsa_oaep" to the encrypt element.
This issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-0927.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit 66e61a9e that introduced this issue. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for the EXT4 filesystem.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for the Taskstats interface. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1212.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit 5dee9e7c that introduced this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not backport the upstream commit a63d83f4 that introduced this issue.
This issue did not affect the versions of nfs-utils as shipped with Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this issue as having low security impact; a future update in Red Hat Enterprise Linux 6 may address this flaw.
This issue only affects Red Hat Enterprise Linux 6. The version of qemu/kvm as shipped with Red Hat Enterprise Linux 5 is not affected.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not provide support for the Linux wireless LAN (802.11) configuration API. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1212.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the TOMOYO Linux Mandatory Access Control (MAC) implementation.
This issue only affects Red Hat Enterprise Linux 5. The versions of the Linux kernel-xen as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1212.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG as they did not backport the upstream commit 41bf498 that introduced the issue. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1350.html.
Not vulnerable. This issue did not affect the versions of vsftpd as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.
This flaw affects Red Hat Enterprise Linux 4 and 5. It did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they have already backported the upstream commit 53b0f080 that addressed this flaw. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1065.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Future qemu-kvm updates in Red Hat Enterprise Linux 6 may address this flaw. This issue did not affect the versions of qemu-kvm as shipped with Red Hat Enterprise Linux 5 as it did not include support for "run as" functionality.
This issue is compile-time only and does not affect the binary dbus packages shipped in Red Hat Enterprise Linux 5 and 6. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 5 and 6.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for ipt_CLUSTERIP. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via http://rhn.redhat.com/errata/RHSA-2011-0833.html, http://rhn.redhat.com/errata/RHSA-2011-0498.html, and http://rhn.redhat.com/errata/RHSA-2011-0500.html.
This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 4 and 5.
Not vulnerable. This issue did not affect the versions of openoffice.org and openoffice.org2 packages as shipped with Red Hat Enterprise Linux 4, and the versions of openoffice.org packages as shipped with Red Hat Enterprise Linux 5 and 6.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the Global File System 2 (GFS2). This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-1065.html and https://rhn.redhat.com/errata/RHSA-2011-1189.html.
Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 4, 5, or 6.
This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1189.html, and https://rhn.redhat.com/errata/RHSA-2011-1253.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for the EXT4 filesystem.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the fix that addresses this issue. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2011-1386.html and https://rhn.redhat.com/errata/RHSA-2011-1465.html.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Si4713 I2C device.
Not vulnerable. This issue did not affect the versions of freeradius as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of glibc as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6 and Red Hat Enterprise MRG as they did not provide support for the Xtensa processor architecture.
The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue results in an OOB read which is not exploitable for arbitrary code execution and can simply cause a crash. We do not consider this as a security issue.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit a5b1cf28 that introduced this issue. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Red Hat does not consider this flaw to be a security issue. The flags argument passed to the bsd_glob() function is solely under the control of the script author.
This flaw was originally reported as resulting in information disclosure only, and was therefore assessed as having low security impact. On this basis, it was planned that future updates to JBoss products may address this flaw. New research [0] has now shown that this flaw can lead to remote code execution. The security impact has been re-assessed as important, and Red Hat is now working on patches for all affected products.
[0] http://danamodio.com/application-security/discoveries/spring-remote-code-with-expression-language-injection/
Not vulnerable. This issue affects the Spring Security package, which is not shipped with any Red Hat products.
Not vulnerable. This issue affects the Spring Security package, which is not shipped with any Red Hat products.
This issue does not affect the version of libxml2 package as shipped with Red Hat Enterprise Linux 4 and 5.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the upstream commit 393e52e3 that introduced this flaw. This has been addressed in Red Hat Enterprise Linux 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1212.html.
This issue did not affect Red Hat Enterprise Linux 4 and 5 as they did not include support for perf. This did not affect Red Hat Enterprise MRG as it uses the perf package from Red Hat Enterprise Linux 6. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1465.html.
Not a security issue as privileges equal to root are needed. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not provide support for the Comedi drivers.
This issue did not affect Red Hat Enterprise Linux 4 and 5 as they did not include support for perf. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1350.html and https://rhn.redhat.com/errata/RHSA-2012-0333.html.
Vulnerable. This issue affects foomatic packages in Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Vulnerable. This issue affects foomatic packages in Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not provide support for the BeOS file system.
Not vulnerable. This issue did not affect the versions of stunnel as shipped with Red Hat Enterprise Linux 4, 5, or 6.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html.
Not vulnerable. This issue did not affect the versions of pidgin as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they contained a version of pidgin that did not support the /who IRC protocol command.
Not vulnerable. This issue did not affect the versions of firefox as shipped with Red Hat Enterprise Linux 5 or 6.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in Red Hat Enterprise Linux 4 and 5.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
This issue affects the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
Not Vulnerable. This issue does not affect the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
This issue affected the version of libxml2 as shipped with Red Hat Enterprise Linux 5 and 6 and has been addressed via RHSA-2012:1288. This issue affects the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 6.
This issue affects the version of webkitgtk as shipped with Red Hat Enterprise Linux 6.
The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG are not affected. It has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html.
Not affected. This flaw was introduced in CUPS due to an incomplete fix for CVE-2011-2896, which was not applied to any CUPS packages in Red Hat Enterprise Linux.
Red Hat does not consider this flaw to be a security issue. It is improbable that a script would accept untrusted user input or unvalidated script input data and use it to malloc memory, without filtering/sanitizing it; therefore the value used to malloc memory is under the full control of the script author and no trust boundary is crossed.
Red Hat does not consider this to be a security flaw. As a malicious MSN server is needed, there are far worse implications to a user connecting to an untrusted server than a DoS.
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6.
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. It has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1386.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Before updated packages are deployed, users can deploy configuration changes to mitigate this flaw:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-3192#c18
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 and 5, openssl096b as shipped with Red Hat Enterprise Linux 4, openssl097a as shipped with Red Hat Enterprise Linux 5, or openssl098e as shipped with Red Hat Enterprise Linux 6.
This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 6, and Red Hat Enterprise MRG, as they either do not have the sample_to_timespec() function, or have already backported upstream commit f8bd2258, which addresses this issue. It was addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html.
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6, as they do not include support for elliptic curve cryptography.
This issue did not affect the versions of the Xen package as shipped with Red Hat Enterprise Linux 4 and 6. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-0496.html.
This issue does not affect the version of wireshark shipped with Red Hat Enterprise Linux 4, 5 and 6.
Not Vulnerable. This issue did not affect the version of php shipped with Red Hat Enterprise Linux 6. This issue did not affect the version of php53 shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the version of php53 as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of libpng as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include the upstream commit that introduced this issue. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not provide support for the Infiniband Sockets Direct Protocol (SDP).
This issue only affects qemu as shipped with Red Hat Enterprise Linux 5 xen packages. The versions of the qemu/kvm as shipped with Red Hat Enterprise Linux 5 are not affected.
This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for ServerEngines' 10Gbps network adapter - BladeEngine. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2011-1530.html. A future kernel update in Red Hat Enterprise MRG may address this issue.
This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4 and 5 as this flaw was introduced in version 2.2.12.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as they did not provide support for FUSE. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5 as they did not backport the upstream commit 3b463ae0c6264f that introduced this issue. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1465.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
Not vulnerable. This issue did not affect the versions of evolution as shipped with Red Hat Enterprise Linux 4, 5, or 6. This issue did not affect the version of evolution28 as shipped with Red Hat Enterprise Linux 4.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not provide support for Broadcom 43xx wireless devices. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
Not Vulnerable. This issue does not affect the version of wireshark shipped with Red Hat Enterprise Linux 4, 5 or 6.
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
Not vulnerable. This issue did not affect the versions of NetworkManager as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for writing NetworkManager configurations to the standard /etc/sysconfig/network-scripts/ifcfg-* files.
Not affected. This flaw did not affect any version of Tomcat shipped in Red Hat products. This flaw only affected Tomcat versions 7.0.0 - 7.0.21.
Not vulnerable. This issue did not affect the versions of php as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Red Hat is aware of, and tracking, the Rizzo/Duong chosen plain text attack on SSL/TLS 1.0, also known as "BEAST". This issue has been assigned CVE-2011-3389. This attack uses web browser extensions to exploit a weakness in SSL/TLS cipher-block chaining (CBC), allowing a man-in-the-middle attacker to recover certain session information, such as cookie data, from what should be a secure connection.
The research shows two ways that an attacker could mount an attack. In both cases the attacker needs access to the data stream from the web browser to the server while a user visits a malicious website using a browser. The attacker may then be able to determine a portion of the data the browser sends to the server by making a large number of requests over a period of time. This data could include information such as an authentication cookie.
The first method of attack involves using WebSockets. Currently, Red Hat does not ship any products that allow an attack using WebSockets to be successful. We are planning to update Firefox to version 7, which contains protections in the WebSocket code that prevent this particular attack from being effective.
The second method of attack involves using a malicious Java applet. In order for the attack to be successful, the attacker would need to circumvent the Same Origin Policy (SOP) controls in Java. The researchers claim to have found a flaw in the Java SOP and we will issue updates to correct this flaw as suitable fixes are available.
We are in contact with various upstream projects regarding this attack. As a precautionary measure, we plan to update the Network Security Services (NSS), GnuTLS, and OpenSSL packages as suitable fixes are available.
We will continue to track this issue and take any appropriate actions as needed.
This statement and any updates to it are available at:
https://bugzilla.redhat.com/show_bug.cgi?id=737506
Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 4, 5, and 6.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.
The opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.
Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.
The opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.
Not vulnerable. This issue affects the GlassFish Web Container component. This component is not shipped with any Red Hat products. JBoss Web and Tomcat provide the web container used in all JBoss products.
Not vulnerable. This issue did not affect the versions of conga as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4 and 5.
This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG. It affects the Linux kernel as shipped with Red Hat Enterprise Linux 6 due to incorrect backporting of upstream patches. A future kernel update in Red Hat Enterprise Linux 6 may address this issue.
Not vulnerable. This issue did not affect the version of pidgin as shipped with Red Hat Enterprise Linux 6 as it explicitly disables support for the SILC protocol.
The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/
Not Vulnerable. This issue does not affect the version of radvd package as shipped with Red Hat Enterprise Linux 4, 5 and 6.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in radvd.
A failure in privsep_init() does not cause radvd to run with full root privileges when invoked with the --username option specifying an unprivileged user. Rather it will run as a single process as the specified (unprivileged) radvd user, causing this issue to have no security impact (no unintended privilege elevation).
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in radvd.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in radvd.
Not vulnerable. This issue only affects community JBoss AS 7 prior to 7.1.0 Beta 1. It does not affect components shipped with any Red Hat products.
Not vulnerable. This issue only affects community JBoss AS 7 prior to 7.1.0 Beta 1. It does not affect components shipped with any Red Hat products.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not provide support for the AppArmor security module.
This flaw only affects the clustered implementation in qpid-cpp (qpidd-cpp-server-cluster) which is only available in Red Hat Enterprise MRG. The qpid-cpp-server as provided with Red Hat Enterprise Linux 6 does not include this functionality, and is thus not affected.
This issue does not affect the version of hardlink, as shipped with Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in hardlink.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in hardlink.
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, and 6 as it did not backport the upstream commit ec6fd8a4 that introduced this issue. This has been addressed in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for EXT4 filesystem. It did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has backported the upstream commit 667eff35 that addressed this issue. This has been addressed in Red Hat Enterprise Linux 5 and 6 via https://rhn.redhat.com/errata/RHSA-2012-0107.html and https://rhn.redhat.com/errata/RHSA-2011-1530.html.
This issue did not affect the version of firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the version of seamonkey package as shipped with Red Hat Enterprise Linux 4.
This issue did not affect the version of firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the version of seamonkey package as shipped with Red Hat Enterprise Linux 4.
This issue did not affect the version of firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the version of seamonkey package as shipped with Red Hat Enterprise Linux 4.
This issue did not affect the version of firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the version of seamonkey package as shipped with Red Hat Enterprise Linux 4.
This issue did not affect the version of firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the version of seamonkey package as shipped with Red Hat Enterprise Linux 4.
This issue did not affect the version of firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the version of seamonkey package as shipped with Red Hat Enterprise Linux 4.
This issue did not affect the version of firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the version of seamonkey package as shipped with Red Hat Enterprise Linux 4.
This issue affects the version of libxml2 as shipped with Red Hat Enterprise Linux 4, 5 and 6 and has been addressed via RHSA-2012:0016, RHSA-2012:0017 and RHSA-2012:0018 respectively. This issue affects the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 6.
This issue affected the versions of libxml2 as shipped with Red Hat Enterprise Linux 4, 5 and 6 and has been addressed via RHSA-2012:0016, RHSA-2012:0017 and RHSA-2012:0018 respectively. This issue affects the version of mingw32-libxml2 as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 6.
This issue does not affect the version of qt as shipped with Red Hat Enterprise Linux 4 and 5. This issue does not affect the version of qt3 as shipped with Red Hat Enterprise Linux 6. This issue does not affect the version of qt4 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of qt as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue.
This issue does not affect the version of pango as shipped with Red Hat Enterprise Linux 4, 5 and 6.
Not Vulnerable. This issue only affects struts 2; it does not affect the versions of struts as shipped with various Red Hat products.
Not vulnerable. This issue did not affect the versions of libvorbis as shipped with Red Hat Enterprise Linux 4, 5, and 6.
The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in libxslt.
Not vulnerable. This issue did not affect the versions of conga as shipped with Red Hat Cluster Suite for Red Hat Enterprise Linux 4 and as shipped with Red Hat Enterprise Linux 5 as they did not include support for CMFEditions.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not include support for XFS filesystem. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html, https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html.
The Red Hat Security Response Team does not consider this to be a security issue. For additional information, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=749324#c1.
Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates. Future kernel updates in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG may address this flaw.
This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, and 5 as they did not include support for the GHASH message digest algorithm. This has been addressed in Red Hat Enterprise Linux 6, and MRG via https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0107.html, https://rhn.redhat.com/errata/RHSA-2012-0571.html, and https://rhn.redhat.com/errata/RHSA-2012-0670.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not backport the upstream commit 462fb2af that introduced this issue. It did not affect the Linux kernel as shipped with Red Hat Enterprise MRG as it has already backported the upstream patches f8e9881c, 66944e1c, c65353da, and 10949550 that addressed this issue.
Not vulnerable. This issue did not affect the versions of bzip2 as shipped with Red Hat Enterprise Linux 5 and 6 as they did not include the bzexe executable.
This issue did not affect the versions of squid as shipped with Red Hat Enterprise Linux 4 and 5 as they did not include IPv6 support. This issue was introduced with the addition of IPv6 support in Squid 3.1 (in the changes made to the idnsGrokReply function).
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not backport the upstream commit f755a04 that introduced this. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0333.html.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5 and 6, as they did not include support for the CSN.1 dissector.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5 and 6.
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 as they do not include support for DTLS protocol.
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 and 6.
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1479.html, https://rhn.redhat.com/errata/RHSA-2011-1530.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This issue does not affect versions of kvm package as shipped with Red Hat Enterprise Linux 5.
The Red Hat Security Response Team does not consider this bug to be a security-relevant one due to the privileges required to exploit this issue.
The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0107.html, https://rhn.redhat.com/errata/RHSA-2011-1849.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This issue does not affect the version of gnutls as shipped with Red Hat Enterprise Linux 4.
This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it does not provide support for NFS ACLs. This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0333.html. Future kernel updates in Red Hat Enterprise Linux 6 may address this issue.
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0007.html, https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4, 5 or 6.
This issue does affect Red Hat Enterprise Virtualization 2 and 3.
Red Hat Enterprise Virtualization 2 is now in Production 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/.
This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4 and 5 due to differences in apr-util's apr_uri_parse() implementation.
This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not have the vulnerable code as introduced in history:1a7bc914. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html. Red Hat Enterprise Linux 4 is now in Production 3 of the maintenance life-cycle, https://access.redhat.com/support/policy/updates/errata/, therefore the fix for this issue is not currently planned to be included in the future updates.
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6 and Red Hat Enterprise MRG. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not provide support for UDP Fragmentation Offload (UFO) functionality. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2011-1465.html, and https://rhn.redhat.com/errata/RHSA-2012-0010.html.
Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, and 6, as they use a built-in entropy pool to generate and retrieve entropy information when performing host-based authentication.
This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they did not include support for the Hierarchical File System (HFS) file system. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html.
Not vulnerable. This issue affects the MyFaces 2 package, which is not shipped with any Red Hat products.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html. A future kvm update in Red Hat Enterprise 5 may address this flaw.
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6 and Red Hat Enterprise MRG as they were not vulnerable to CVE-2011-2482. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0007.html.
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, or 6 as they did not include support for the ECDH or ECDHE ciphers.
Not vulnerable. This issue affects the Mojarra 2 package, which is not shipped with any Red Hat products.
Not vulnerable. This issue did not affect the versions of system-config-printer as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include support for installing driver packages from the OpenPrinting database, only PPDs (with user consent).
The ASF Security Team does not consider resource exhaustion caused by .htaccess files to be a security defect. The Red Hat Security Response Team agrees with their assessment and so does not consider this to be a security flaw.
The Red Hat Security Response Team has rated this issue as having Low security impact for the jetty-eclipse package in Red Hat Enterprise Linux 6. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4 and 5.
This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4 and 5.
This issue affects the versions of the acpid package, as shipped with Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in acpid.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG as they did not provide support for the sendmmsg syscall. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html.
This issue affects Red Hat Enterprise Linux 6 and has been addressed via https://rhn.redhat.com/errata/RHBA-2012-0013.html. Red Hat Enterprise Linux 5 is not affected. The Red Hat Security Response Team has rated this issue as having low security impact. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not vulnerable. This issue did not affect the version of pidgin as shipped with Red Hat Enterprise Linux 6 as it explicitly disables support for the SILC protocol.
Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not include support for the BATMAN (Better Approach To Mobile Ad-hoc Networking) out-of-tree kernel module.
This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4 and 5 as they did not have support for Performance event. It did not affect Red Hat Enterprise MRG as it did not provide support for PowerPC. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html.
This issue does not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. It has been addressed in Red Hat Enterprise 5 and 6 via https://rhn.redhat.com/errata/RHSA-2012-0051.html and https://rhn.redhat.com/errata/RHSA-2012-0350.html.
We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue.
We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue.
This issue affects the version of php and php53 as shipped with Red Hat Enterprise Linux 5. This issue affects the version of php as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having moderate security impact. This issue is not currently planned to be addressed in future updates. This issue may be mitigated with userland code changes as noted in https://wiki.php.net/rfc/strict_sessions#current_solution
A buffer overflow flaw was found in the MIT krb5 telnet daemon (telnetd) as shipped with all supported versions of Red Hat Enterprise Linux. A remote attacker who can access the telnet port of a target machine could use this flaw to execute arbitrary code as root.
While we are aware of public exploits for this issue that include targets for Red Hat Enterprise Linux 3, we are not aware of any yet which would be successful in gaining arbitrary root code execution in Red Hat Enterprise Linux 4, 5, or 6. However, it is plausible that one could be created to do so.
Note that the krb5 telnet daemon is not enabled by default in any version of Red Hat Enterprise Linux. In addition, the default firewall rules block remote access to the telnet port. This flaw does not affect the telnet daemon distributed in the telnet-server package.
Users who have enabled the krb5 telnet daemon and have it accessible remotely should disable it or apply the updates we have released.
Since the same encryption code is shared between the MIT krb5 telnet daemon and the telnet client, this issue affects the telnet client as well. The updates we have released fix the issue for both the telnet daemon and the telnet client.
Not vulnerable. This issue did not affect the versions of dhcp as shipped with Red Hat Enterprise Linux 4, 5, and 6 as they did not include support for enhanced DDNS logging.
Not vulnerable. Apache ActiveMQ is not shipped with any supported Red Hat products.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for the ROSE protocol.
Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, 6, or Red Hat Enterprise MRG. Red Hat does not provide support for the ROSE protocol.
The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue in Red Hat Enterprise Linux 4 or 5 (it has been addressed in Red Hat Enterprise Linux 6). For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not Vulnerable. This issue does not affect the version of pidgin as shipped with Red Hat Enterprise Linux 5 and 6.
The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not vulnerable. This issue did not affect the version of polkit as shipped with Red Hat Enterprise Linux 6 as it did not include the upstream commit 763faf434b445c20ae9529100d3ef5290976d0c9 that introduced this issue.
This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as Red Hat Network Satellite Server did not include support for Cobbler web interface.
This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as it did not include the upstream commit d7b30b5fca5097c544ca37ade8c945a3106b1896 that introduced this flaw.
This issue did not affect the version of cobbler as shipped with Red Hat Network Satellite Server 5.4 as it did not include the upstream commit be4fc806637cf8cec275fea80b892182879580eb that introduced this flaw.
The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue affects the version of memcached as shipped with Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.
Not vulnerable. This issue affects the GlassFish Web Container component. This component is not shipped with any Red Hat products. JBoss Web and Tomcat provide the web container used in all JBoss products.
Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products.
This issue affects the versions of nss in Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this issue as having Low security impact.
We currently have no plans to fix this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification
This issue was addressed in Red Hat Enterprise Linux 5 openssl packages via RHBA-2011:1010, bug 698175. It did not affect openssl packages shipped with Red Hat Enterprise Linux 6.
This bug is not a security issue. For detailed explanation, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=853321#c4
Not Vulnerable. This issue did not affect the version of tetex as shipped with Red Hat Enterprise Linux 5. This issue does not affect the version of t1lib and evince as shipped with Red Hat Enterprise Linux 6. This is because the advisory released to fix CVE-2010-2642 completely resolved the problem without introducing this flaw.
Not vulnerable. This issue did not affect the pacemaker packages shipped by Red Hat as the packages are not built in the /tmp/ directory.
Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5 and 6, as they did not include GOST engine support.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for robust futexes. It did not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as they have the backported fixes. This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-0107.html.
Not vulnerable. This issue did not affect the versions of emacs as shipped with Red Hat Enterprise Linux 4, 5 or 6 as they did not include support for CEDET.
Not vulnerable. This issue did not affect the versions of curl as shipped with Red Hat Enterprise Linux 4, 5 or 6.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not have support for the XFS file system. It did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it did not backport the upstream commit ef14f0c1 that introduced the vulnerability. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0350.html, and https://rhn.redhat.com/errata/RHSA-2012-0333.html.
This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 4, 5 and 6.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport commit 884840aa that introduced this issue.
This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG as they did not provide support for the KVM subsystem. This issue did not affect the versions of kvm as shipped with Red Hat Enterprise Linux 5 as they did not include support for syscall instruction emulation. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0350.html.
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, and 6.
This issue affects httpd packages as shipped with Red Hat Enterprise Linux 3 and 4, which are now in the Extended Life Phase of their life cycle. Therefore this issue is not planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/
Not vulnerable. This issue did not affect the Linux kernels as shipped with Red Hat Enterprise Linux 4, 5, 6, and Red Hat Enterprise MRG as they did not provide support for overlayfs.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as it did not backport the upstream commit 198214a7ee. This has been addressed in Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0052.html and https://rhn.redhat.com/errata/RHSA-2012-0061.html. For more information, please read https://access.redhat.com/kb/docs/DOC-69129.
Not vulnerable. This issue did not affect versions of xorg-x11 as shipped with Red Hat Enterprise Linux 4. This issue did not affect versions of xkeyboard-config as shipped with Red Hat Enterprise Linux 5 and 6.
Not vulnerable. This issue did not affect the versions of usbmuxd as shipped with Red Hat Enterprise Linux 6.
Not vulnerable. This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 4, 5, and 6.
Oracle OpenSSO is provided as part of the opensso quickstart example application shipped with JBoss Enterprise SOA Platform 5. The CVE-2011-3506, CVE-2011-3517, and CVE-2012-0079 flaws are not exposed unless the opensso quickstart example application is deployed, or you have created and deployed a custom application that is packaged with a copy of Oracle OpenSSO as provided by the opensso quickstart.
The opensso quickstart has been removed in JBoss Enterprise SOA Platform 5.3.0 to address these flaws. Users interested in continuing to receive updates for their custom applications using Oracle OpenSSO are advised to contact Oracle as Red Hat is no longer supporting OpenSSO.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 as it did not backport the upstream commit 5b7c8406.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6, and Red Hat Enterprise MRG, as those versions have a guard page between the end of the user-mode accessible virtual address space and the beginning of the non-canonical area due to CVE-2005-1764 fix, and hardened system call handler due to CVE-2006-0744 fix.
This issue did affect the versions of Xen hypervisor as shipped with Red Hat Enterprise Linux 5. A kernel-xen update for Red Hat Enterprise Linux 5 is available to address this flaw.
Not vulnerable.
This issue did not affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5 as we did not have support for sysenter and compat (32bit) version of syscall instructions for PV guests running on the Xen hypervisor (introduced in upstream changeset 16207:aeebd173c3fa).
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG as we did not have support for Xen hypervisor.
Not vulnerable. This issue did not affect the versions of gnutls as shipped with Red Hat Enterprise Linux 4, 5 and 6 as they did not include support for DTLS.
Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products.
Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products.
Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products.
Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products.
Not vulnerable. This issue did not affect the versions of firefox as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not Vulnerable. These issues do not affect the versions of the firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 5 and 6.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. According to the upstream report, this flaw affects MySQL 5.5.x, which is not provided in Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue affects the Java Update mechanism which is only available on the Microsoft Windows platform.
Not vulnerable. This issue did not affect the versions of mysql as shipped with Red Hat Enterprise Linux 5 and 6, since MySQL packages in Red Hat Enterprise Linux are linked against OpenSSL, and not against yaSSL.
Not vulnerable. Upstream notes this issue only affected MySQL 5.5.x. Red Hat Enterprise Linux 5 and 6 include MySQL versions 5.0.x and 5.1.x respectively, which are not listed as affected.
On Red Hat Enterprise Linux 5.10, new MySQL 5.5 packages are available which are not vulnerable to this issue. Future updates for MySQL 5.0 will no longer be made available (mysql-5.0.* and related packages); security advisories will be provided only for MySQL 5.5. Please refer to https://rhn.redhat.com/errata/RHEA-2013-1330.html for further information.
The Red Hat Security Response Team has rated this issue as having low security impact. Trousers is only useful on systems with TPM hardware; additionally, local access is required to exploit this issue. Exploitation of this issue only results in a crash of the tcsd daemon, which can be restarted. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Red Hat does not consider this flaw to be a security issue. The bug can only be triggered by the PHP script author, which does not cross a trust boundary.
Not Vulnerable. This issue only affects Apache CXF 2.4.5 and 2.5.1. Earlier versions were not affected and later versions include a fix for this issue. This issue does not affect the versions of Apache CXF as shipped with various Red Hat products.
Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not include the vulnerable debugging support.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, 5, and 6. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0333.html.
Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of samba as shipped with Red Hat Enterprise Linux 4, 5, and 6. This issue did not affect the version of samba3x as shipped with Red Hat Enterprise Linux 5. This issue did not affect the version of samba4 as shipped with Red Hat Enterprise Linux 6.
Not vulnerable. This issue did not affect the versions of libvpx as shipped with Red Hat Enterprise Linux 6.
Not vulnerable. This issue did not affect the versions of xchat as shipped with Red Hat Enterprise Linux 4, 5, and 6.
This issue does not affect the version of php as shipped with Red Hat Enterprise Linux 5.
Not Vulnerable. This issue does not affect the versions of struts as shipped with various Red Hat products.
The Red Hat Security Response Team has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
The Red Hat Security Response Team has rated this issue as having low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue does affect Red Hat Enterprise Virtualization 2 and 3.
Red Hat Enterprise Virtualization 2 is now in the Production 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/.
This issue does affect Red Hat Enterprise Virtualization 2 and 3.
Red Hat Enterprise Virtualization 2 is now in the Production 2 phase of the support and maintenance life cycle. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Virtualization Life Cycle: https://access.redhat.com/support/policy/updates/rhev/.
This issue did not affect samba3x packages as shipped with Red Hat Enterprise Linux 5 and samba packages as shipped with Red Hat Enterprise Linux 6, as it only affected Samba versions prior to 3.4.0. This issue was addressed in samba packages in Red Hat Enterprise Linux 4 and 5 via RHSA-2012:0332.
This issue affects the Linux kernel as shipped with Red Hat Enterprise Linux 6. This issue does not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not provide support for CLONE_IO. This issue does not affect the Linux kernel as shipped with Red Hat Enterprise MRG as they already contain the fix. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0481.html.
We do not currently plan to fix this issue due to the lack of further information about the flaw and its impact. If more information becomes available at a future date, we may revisit the issue.
Not vulnerable. This issue did not affect the versions of httpd as shipped with Red Hat Enterprise Linux 3, 4, 5 and 6.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 5.
This issue did not affect the version of Linux kernel as shipped with Red Hat Enterprise Linux 6.
This issue did affect the version of Linux kernel as shipped with Red Hat Enterprise MRG 2.
Not Vulnerable. This issue only affects struts 2; it does not affect the versions of struts as shipped with various Red Hat products.
Not Vulnerable. This issue only affects the struts-cookbook and struts-examples packages, which are not shipped by Red Hat. It does not affect the struts component as shipped with various Red Hat products.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 4 and 5.
Not Vulnerable. This issue does not affect the version of krb5 package as shipped with Red Hat Enterprise Linux 5 and 6.
Not vulnerable. This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5.
This issue did not affect the versions of krb5 as shipped with Red Hat Enterprise Linux 5 as they did not include support for PKINIT.
These issues only affect a script used during package build and do not affect binary iproute packages shipped with Red Hat Enterprise Linux. Therefore, they are not planned to be addressed in iproute packages in Red Hat Enterprise Linux 5 and 6; they are only planned to be addressed in future Red Hat Enterprise Linux versions.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4 and 5 as they did not backport the commit a6ce4932fbdbcd8f8e8c6df76812014351c32892 that introduced this issue. This issue did not affect the Linux kernel as shipped with Red Hat Enterprise MRG 2. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0481.html.
Not vulnerable. This issue only affects community JBoss AS 7 prior to 7.1.1. It does not affect components shipped with any Red Hat products.
This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 5 as it did not backport upstream commits 4206d3aa and 5bde4d18.
Not vulnerable. This issue did not affect the versions of taglib as shipped with Red Hat Enterprise Linux 6.
taglib is only used in client applications. We do not consider a user-assisted crash of a client application such as k3b or Totem to be a security issue.
Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 5 and 6, as they do not enable the TrueType bytecode interpreter.
This bug is not a security issue. For detailed explanation, refer to: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1129#c5
Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 3, 4, 5, and 6.
Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 5 and 6, as they do not enable the TrueType bytecode interpreter.
Not vulnerable. This issue did not affect freetype packages as shipped with Red Hat Enterprise Linux 5 and 6, as they do not enable the TrueType bytecode interpreter.
This vulnerability only applies to RHN Satellite 5.4 when running on Red Hat Enterprise Linux 6 under mod_wsgi. As the code uses mod_python when performing these checks on Red Hat Enterprise Linux 5, that version is not vulnerable to this flaw.
This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 as they did not include support for control groups. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6 as they did not include support for memory control groups threshold notifications. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise MRG as they did not include support for memory control groups.
Not vulnerable. This issue did not affect the versions of libzip and php as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of php53 as shipped with Red Hat Enterprise Linux 5.
Not vulnerable. This issue did not affect the versions of libzip and php as shipped with Red Hat Enterprise Linux 6. This issue did not affect the versions of php53 as shipped with Red Hat Enterprise Linux 5.
This issue did not affect openldap as shipped with Red Hat Enterprise Linux 5 as it did not contain the relevant assertion. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0899.html
We do not consider safe_mode / open_basedir restriction bypass issues to be security sensitive. For more details see http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=169857#c1 and http://www.php.net/security-note.php
The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue affects the version of samba4, openchange and evolution-mapi packages as shipped with Red Hat Enterprise Linux 6. A future security update may address this flaw.
Not vulnerable. This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the insufficient patch for CVE-2012-0247.
Not vulnerable. This issue did not affect the versions of ImageMagick as shipped with Red Hat Enterprise Linux 5 and 6 as they did not backport the insufficient patch for CVE-2012-0248.
The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not Vulnerable. This issue did not affect the version of openjpeg as shipped with Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Not Vulnerable. This issue does not affect